[Snort-users] 1000s of SMTP RCPT TO overflow and Speedera Pings

Jeremy Junginger jjunginger at ...6548...
Wed Aug 14 14:24:02 EDT 2002


I don't know if this will apply to your data flows, but whenever I see
an SMTP RCPT TO OVERFLOW alert, it indicates an open SMTP relay.  Please
disregard if this offends or does not apply, but you may check the
configuration of the destination host to ensure that it is not relaying
SPAM.

-Jeremy

-----Original Message-----
From: Eric Joe [mailto:sysop at ...6291...] 
Sent: Wednesday, August 14, 2002 12:08 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] 1000s of SMTP RCPT TO overflow and Speedera Pings


I know what Speedera is (I have read their FAQ), but what I don't
understand is why Snort's default rules even count this as an alert. What
are others on the list doing with Speedera? Would it be a bad idea to
ignore it? The other top alert I am getting is SMTP RCPT TO overflow,
and the targets are mail server/DNS servers. I have manually added my
DNS servers in the snort.conf file, but still have gotten over 5600 of
these in less than 1 week. I am sure these are false alarms, but I want
to get the list's feedback on this.

Thanks in advance

-- 
Eric Joe
Network Operations
Journey's End Internet/Computer Connection Inc



