Snort mailing list archives

FTP USER overflow attempt alerts, no logged packets.


From: Dolfred Mascarenhas <dolfredm () yahoo com>
Date: Wed, 31 Jul 2002 06:34:13 -0700 (PDT)

Hi, 

My Snort alerted on the FTP user overflow attempt, as
detailed below. On checking the logs, I observed that
no packets were recorded for this alert, despite the
large number of entries in the alerts file. Offensive
packets were logged on all other alerts, but not this
one.

My Snort version is 1.8.7
Any comments/ideas will be appreciated.

Thanks,
Dolfred.



[**] [1:1734:4] FTP USER overflow attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
07/29-10:04:20.610705 0:A0:8E:14:EC:E8 -> 0:0:C:7:AC:0 type:0x800 len:0xAA
x.x.x.x:1349 -> x.x.x.x:21 TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:156
***AP*** Seq: 0xC7BB95C1 Ack: 0xC7BB95C1 Win: 0x0 TcpLen: 20
[Xref => http://www.securityfocus.com/bid/4638] [Snort log]
