[Snort-users] IMAP Auth Literal Overflow

Sonika Malhotra sonikam at ...4044...
Tue May 11 01:10:03 EDT 2004


Hello List,

I have found recently "imapd: Login failed user=admin auth=admin 
host=natserver..." lines in the mail server logs. The point of concern 
is that sometimes it appears very frequently. ( 1 line / 2 sec)
imapd IMAP4REV1
snort 2.1.3RC1

First I want some help to frame a rule in the snort to find the source 
of the problem.

Second I have also observed a lot of "IMAP AUTH literal Overflow " 
alerts in the snort logs.
Does this signify some alerting situation? How do I go about tracing the 
source of the problem.

Regards
Sonika





More information about the Snort-users mailing list