[Snort-users] False positives with SMTP RCPT TO overflow rule
nlindq at ...3834...
Tue Jun 25 10:10:03 EDT 2002
I just updated my signatures to the latest ones (as of June 24,
anyway) and suddenly I'm getting hundreds of alerts on SMTP RCPT TO
Looking at the payloads in ACID, every one of the alerts appears to
be a false positive, ie, part of a legitimate SMTP conversation.
I did a comparison between the older version of the signature I was
using previously, and the only difference is the addition of the
More information about the Snort-users