[Snort-users] IMAP Auth Literal Overflow
sonikam at ...4044...
Tue May 11 01:10:03 EDT 2004
I have found recently "imapd: Login failed user=admin auth=admin
host=natserver..." lines in the mail server logs. The point of concern
is that sometimes it appears very frequently. ( 1 line / 2 sec)
First I want some help to frame a rule in the snort to find the source
of the problem.
Second I have also observed a lot of "IMAP AUTH literal Overflow "
alerts in the snort logs.
Does this signify some alerting situation? How do I go about tracing the
source of the problem.
More information about the Snort-users