Snort mailing list archives
FTP USER overflow attempt alerts, no logged packets.
From: Dolfred Mascarenhas <dolfredm () yahoo com>
Date: Wed, 31 Jul 2002 06:34:13 -0700 (PDT)
Hi,

My snort alerted on the FTP user overflow attempt, as detailed below. On checking the logs, I observed that no packets were recorded for this alert, despite the large number of entries in the alerts file. Offensive packets were logged on all other alerts, but not this one.

My Snort version is 1.8.7.

Any comments/ideas will be appreciated.

Thanks,
Dolfred.

[**] [1:1734:4] FTP USER overflow attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
07/29-10:04:20.610705 0:A0:8E:14:EC:E8 -> 0:0:C:7:AC:0 type:0x800 len:0xAA
x.x.x.x:1349 -> x.x.x.x:21 TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:156
***AP*** Seq: 0xC7BB95C1 Ack: 0xC7BB95C1 Win: 0x0 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/4638]

[Snort log]