[Snort-users] Alerts of the ICMP relationship with smtp connection?

Paulo listassec at ...131...
Mon May 30 13:42:15 EDT 2005


I didn't solve this yet. Please, anyone can help me?

Thanks again.

--- Paulo <listassec at ...131...> wrote:
> Hi Matt,
> 
> Thanks by your help. This alerts occurs when my
> employees sends e-mail to some a few external
> receivers using my stmp server. I have a linux box
> with postfix ( version 1.1.13).
> 
> Thanks again.
> 
> --- Matt Jonkman <matt at ...12231...> wrote:
> > I've seen HPUX systems ping before they send
> email.
> > But it usually shows
> > up as a large ICMP Packet sig. Unless you have
> that
> > off, in which case
> > it'd likely trip one of those.
> > 
> > It's not unusual though, and generally not a
> threat.
> > Just interesting.
> > 
> > Matt
> > 
> > Paulo wrote:
> > > Hi,
> > > 
> > > I am using Snort version  Version 2.3.2 (Build
> > 12).
> > > I have in my snort logs the alerts:
> > > 
> > > 366 - ICMP Ping *nix
> > > 384 - ICMP Ping
> > > 368 - Ping BSDtype
> > > 
> > > I investigated my others systems logs and in the
> > time
> > > that this alert is recorded is the same that
> > > registered smtp connection in the maillog
> arquive
> > from
> > > my postfix server.
> > > 
> > > The source IP address in snort's log is equal
> the
> > > destination IP address in the maillog to smtp
> > > connection. 
> > > 
> > > This alerts can to be generated by my mail
> server
> > when
> > > it sends mails?
> > > 
> > > This alerts is a false positive?
> > > 
> > > Thanks by help
> > > 
> > > 
> > > 		
> > > __________________________________ 
> > > Discover Yahoo! 
> > > Have fun online with music videos, cool games,
> IM
> > and more. Check it out! 
> > > http://discover.yahoo.com/online.html
> > > 
> > > 
> > >
> >
>
-------------------------------------------------------
> > > This SF.Net email is sponsored by Yahoo.
> > > Introducing Yahoo! Search Developer Network -
> > Create apps using Yahoo!
> > > Search APIs Find out how you can build Yahoo!
> > directly into your own
> > > Applications - visit
> >
>
http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > Go to this URL to change user options or
> > unsubscribe:
> > >
> >
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > >
> >
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > 
> > -- 
> > --------------------------------------------
> > Matthew Jonkman, CISSP
> > Senior Security Engineer
> > Infotex
> > 765-429-0398 Direct Anytime
> > 765-448-6847 Office
> > 866-679-5177 24x7 NOC
> > my.infotex.com
> > www.offsitefilter.com
> > www.bleedingsnort.com
> > --------------------------------------------
> > 
> > 
> > NOTICE: The information contained in this email is
> > confidential
> > and intended solely for the intended recipient.
> Any
> > use,
> > distribution, transmittal or retransmittal of
> > information
> > contained in this email by persons who are not
> > intended
> > recipients may be a violation of law and is
> strictly
> > prohibited.
> > If you are not the intended recipient, please
> > contact the sender
> > and delete all copies.
> > 
> 
> 
> 		
> __________________________________ 
> Do you Yahoo!? 
> Yahoo! Small Business - Try our new Resources site
> http://smallbusiness.yahoo.com/resources/
> 
> 
>
-------------------------------------------------------
> This SF.Net email is sponsored by Yahoo.
> Introducing Yahoo! Search Developer Network - Create
> apps using Yahoo!
> Search APIs Find out how you can build Yahoo!
> directly into your own
> Applications - visit
>
http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or
> unsubscribe:
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 


		
__________________________________ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new Resources site
http://smallbusiness.yahoo.com/resources/




More information about the Snort-users mailing list