[Snort-users] Swatch + Snort: SMTP HELO overflow attempt

jo cam jo.cam at ...6346...
Wed Oct 23 08:45:05 EDT 2002


Thanks for your help. The following mail command seems work

mail jo.cam at ...6346...,subject=Snort_Alert

But snort generate the following alerts:
- "HELO overflow attempt [Classification: Attempted
Administrator Privilege Gain] [Priority: 1]: {TCP}" from my
workstaion to the SMTP server
- "spp_portscan: PORTSCAN DETECTED" from my DNS server

In my snort.conf i had the following configuration:
var DNS_SERVERS ip_of_my_dns_server/32
preprocessor portscan: 4 3 /path_to_portscan.log
preprocessor portscan-ignorehosts: $DNS_SERVERS

So how can i setup my config to reduce these alerts?


Gagne une PS2 ! Envoie un SMS avec le code PS au 61166
(0,35€ Hors coût du SMS)

More information about the Snort-users mailing list