[Snort-users] SMTP Preprocessor : X-ANONYMOUSTLS command
danroberts2604 at ...11827...
Wed Mar 11 05:35:40 EDT 2015
I'm continuously getting FP (I presume) alerts associated with SMTP traffic
(124:1:1 (smtp) Attempted command buffer overflow: more than 512 chars).
One week ago I made a trace and noticed that many MS Exchange servers on
our networks use a special SMTP command (X-ANONYMOUSTLS) not referenced in
the Snort SMTP preprocessor.
First, I tried to add "alert_unknown_cmds" to see if the preprocessor
didn't know that command. No output at all.
Then, I tried to list all the commands understood by the preprocessor,
using "print_cmds" and restarted snort with -M to have time to investigate
the output of the command. Again, no output at all.
Has anyone used those commands successfully?
Additionally, I'm wondering why there is so little information about
that X-ANONYMOUSTLS command...