Snort mailing list archives
Re: chameleon overflow
From: Ralf Hildebrandt <Ralf.Hildebrandt () innominate com>
Date: Fri, 8 Jun 2001 23:00:57 +0200
On Fri, Jun 08, 2001 at 01:20:57PM -0500, Matt Hand wrote:
In any case, here are the relevant lines from the log file:
What's really relevant is the packed dump itself, not the alert!
Jun 7 16:27:05 chia snort: SMTP chameleon overflow: 206.132.30.40:41226 -> 207.252.45.6:25
Go find the packet dump for the source IP 206.132.30.40 and look into it. -- ralf.hildebrandt () innominate com innominate AG Technical Consultant Don't be afraid of what you see - Diplom-Informatiker be afraid of what you don't see! tel: +49.(0)7000.POSTFIX fax: +49.(0)30.308806-77
Attachment:
_bin
Description:
Current thread:
- chameleon overflow Matt Hand (Jun 08)
- Re: chameleon overflow Ralf Hildebrandt (Jun 08)
- Re: chameleon overflow Paulie (Jun 08)
- Re: chameleon overflow Brian Caswell (Jun 08)
- <Possible follow-ups>
- Re: chameleon overflow Matthew Collins (Jun 11)
- CVS or 1.7? Jay Moore (Jun 11)
- Re: CVS or 1.7? Andreas Hasenack (Jun 11)
- CVS or 1.7? Jay Moore (Jun 11)