Snort mailing list archives
SID 1549 alerts -- what the heck is this ?
From: "Fritsche, Jeff" <jeff.fritsche () esker com>
Date: Fri, 16 May 2003 15:27:25 -0500
Getting a bunch of these. Why the alarms ??? NOTE: the "HELO xxx-xxx-xxx-xxx.xxxxx xxxxxxxx." had our server ip address and company name in it so I "x"'d them out. Thanks [**] SMTP HELO overflow attempt [**] 05/16-15:04:39.440732 200.77.249.165:1982 -> xxx.xxx.xxx.xx:25 TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:75 ***AP*** Seq: 0x7A546B80 Ack: 0xF40B73B1 Win: 0x410F TcpLen: 20 0x0000: 00 08 A1 11 04 3D 00 40 10 12 C0 B4 08 00 45 10 .....=.@......E. 0x0010: 00 4B 00 00 00 00 F0 06 00 00 C8 4D F9 A5 C0 A8 .K.........M.... 0x0020: A8 0D 07 BE 00 19 7A 54 6B 80 F4 0B 73 B1 50 18 ......zTk...s.P. 0x0030: 41 0F 00 00 00 00 48 45 4C 4F 20 xx xx xx 2D xx A.....HELO xxx-x 0x0040: xx xx 2D xx xx xx 2D xx xx xx 2E xx xx xx xx xx xx-xxx-xxx.xxxxx 0x0050: xx xx xx xx xx xx xx xx 0D xxxxxxxx. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ ------------------------------------------------------- This SF.net email is sponsored by: If flattening out C++ or Java code to make your application fit in a relational database is painful, don't do it! Check out ObjectStore. Now part of Progress Software. http://www.objectstore.net/sourceforge _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- SID 1549 alerts -- what the heck is this ? Fritsche, Jeff (May 16)
- <Possible follow-ups>
- Re: SID 1549 alerts -- what the heck is this ? Matt Kettler (May 16)