[Snort-users] FTP USER overflow attempt alerts, no logged packets.

Dolfred Mascarenhas dolfredm at ...131...
Wed Jul 31 06:46:20 EDT 2002


My Snort alerted on the FTP user overflow attempt, as
detailed below. On checking the logs, I observed that
no packets were recorded for this alert, despite the
large number of entries in the alerts file. Offensive
packets were logged on all other alerts, but not this

My Snort version is 1.8.7.
Any comments/ideas will be appreciated.


[**] [1:1734:4] FTP USER overflow attempt [**]
[Classification: Attempted Administrator Privilege
Gain] [Priority: 1]
07/29-10:04:20.610705 0:A0:8E:14:EC:E8 -> 0:0:C:7:AC:0
type:0x800 len:0xAA
x.x.x.x:1349 -> x.x.x.x:21 TCP TTL:240 TOS:0x10 ID:0
IpLen:20 DgmLen:156
***AP*** Seq: 0xC7BB95C1 Ack: 0xC7BB95C1 Win: 0x0
TcpLen: 20
[Xref => http://www.securityfocus.com/bid/4638] [Snort
