Snort mailing list archives

Re: chameleon overflow

From: Ralf Hildebrandt <Ralf.Hildebrandt () innominate com>
Date: Fri, 8 Jun 2001 23:00:57 +0200

On Fri, Jun 08, 2001 at 01:20:57PM -0500, Matt Hand wrote:

  In any case, here are the relevant lines from the log file:

What's really relevant is the packed dump itself, not the alert!

Jun  7 16:27:05 chia snort: SMTP chameleon overflow: 206.132.30.40:41226 -> 207.252.45.6:25


Go find the packet dump for the source IP 206.132.30.40 and look into
it.

-- 
ralf.hildebrandt () innominate com                            innominate AG
Technical Consultant                   Don't be afraid of what you see -
Diplom-Informatiker                     be afraid of what you don't see!
tel: +49.(0)7000.POSTFIX                        fax: +49.(0)30.308806-77

Attachment: _bin
Description:

Current thread:

chameleon overflow Matt Hand (Jun 08)
- Re: chameleon overflow Ralf Hildebrandt (Jun 08)
- Re: chameleon overflow Paulie (Jun 08)
  - Re: chameleon overflow Brian Caswell (Jun 08)
- <Possible follow-ups>
- Re: chameleon overflow Matthew Collins (Jun 11)
  - CVS or 1.7? Jay Moore (Jun 11)
    - Re: CVS or 1.7? Andreas Hasenack (Jun 11)