[Snort-users] Swatch + Snort: SMTP HELO overflow attempt

jo cam jo.cam at ...6346...
Wed Oct 23 08:45:05 EDT 2002


Hi,

Thanks for your help. The following mail command seems to work
fine:

mail jo.cam at ...6346...,subject=Snort_Alert

But Snort generates the following alerts:
- "HELO overflow attempt [Classification: Attempted
Administrator Privilege Gain] [Priority: 1]: {TCP}" from my
workstation to the SMTP server
- "spp_portscan: PORTSCAN DETECTED" from my DNS server

In my snort.conf I had the following configuration:
var DNS_SERVERS ip_of_my_dns_server/32
preprocessor portscan: 0.0.0.0/0 4 3 /path_to_portscan.log
preprocessor portscan-ignorehosts: $DNS_SERVERS

So how can I set up my config to reduce these alerts?

Regards,

JO