[Snort-users] smtp: Attempted command buffer overflow

Phil Daws uxbod at ...14273...
Wed Apr 17 04:06:43 EDT 2013


Hello,

have recently installed Snort and am beginning to see a lot of alerts from the SMTP preprocessor for SID 124:1:1.  Looking at the payload data it shows:

0000000: 45 48 4c 4f 20 6c 69 73 74 73 2e 73 6f   75 72 63 65 66 6f 72 67 65 2e 6e 65 74  EHLO.lists.sourceforge.net
000001A: 0d 0a                                                                            ..

this to an untrained eye looks okay so why would it be tripping the test ?

Thanks.




More information about the Snort-users mailing list