[Snort-users] 1000s of SMTP RCPT TO overflow and Speedera Pings

Ian Macdonald secsnort at ...5528...
Wed Aug 14 17:22:03 EDT 2002


If you are interested in ICMP traffic then it is good to split the icmp data
into different rules so you can safely ignore it or block it on your
firewall. A lot of rules are informational rules that are there to give you
information about what is happening on your network. If you don't care about
it feel free to create a pass rule for that kind of data or it you don't
care about any icmp traffic then disable the whole rule set. One thing to
note, if you disable speedera but not the more general ICMP rules then more
general rule will trigger inside which is why I suggest using a pass rule.

----- Original Message -----
From: "Eric Joe" <sysop at ...6291...>
To: <snort-users at lists.sourceforge.net>
Sent: Wednesday, August 14, 2002 3:08 PM
Subject: [Snort-users] 1000s of SMTP RCPT TO overflow and Speedera Pings


> I know what Speedera is (I have read their FAQ), but what I dont
> understand why Snorts default rules even counts this as an alert. What are
> others on the list doing with Speedera? Would it be a bad idea to ignore
> it?
> The other top alert I am getting is SMTP RCPT TO overflow, and the targets
> are mail server/DNS servers. I have manually added my DNS servers in the
> snort.conf file, but still have gotten over 5600 of these in less than 1
> week. I am sure these are false alarms, but I want to get the lists
> feedback on this.
>
> Thanks in advance
>
> --
> Eric Joe
> Network Operations
> Journey's End Internet/Computer Connection Inc
>
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by: Dice - The leading online job board
> for high-tech professionals. Search and apply for tech jobs today!
> http://seeker.dice.com/seeker.epl?rel_code=31
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>






More information about the Snort-users mailing list