Snort mailing list archives
Re: Alerts of the ICMP relationship with smtp connection?
From: Paulo <listassec () yahoo com>
Date: Mon, 30 May 2005 13:40:34 -0700 (PDT)
I didn't solve this yet. Please, can anyone help me?

Thanks again.

--- Paulo <listassec () yahoo com> wrote:

> Hi Matt,
>
> Thanks for your help. These alerts occur when my employees send e-mail to a few external receivers using my SMTP server. I have a Linux box with Postfix (version 1.1.13).
>
> Thanks again.
>
> --- Matt Jonkman <matt () infotex com> wrote:
>
>> I've seen HPUX systems ping before they send email. But it usually shows up as a large ICMP Packet sig. Unless you have that off, in which case it'd likely trip one of those.
>>
>> It's not unusual though, and generally not a threat. Just interesting.
>>
>> Matt
>>
>> Paulo wrote:
>>
>>> Hi,
>>>
>>> I am using Snort version 2.3.2 (Build 12). I have in my Snort logs the alerts:
>>>
>>> 366 - ICMP Ping *nix
>>> 384 - ICMP Ping
>>> 368 - Ping BSDtype
>>>
>>> I investigated my other systems' logs, and the time at which this alert is recorded is the same as that of the SMTP connection registered in the maillog archive from my Postfix server. The source IP address in Snort's log is equal to the destination IP address in the maillog for the SMTP connection.
>>>
>>> Can these alerts be generated by my mail server when it sends mail? Are these alerts a false positive?
>>>
>>> Thanks for the help
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Matthew Jonkman, CISSP
Senior Security Engineer
Infotex
765-429-0398 Direct Anytime
765-448-6847 Office
866-679-5177 24x7 NOC
my.infotex.com
www.offsitefilter.com
www.bleedingsnort.com
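The correlation described in this thread (an ICMP ping alert whose source IP equals the destination of an outbound SMTP delivery logged at about the same time) can be checked mechanically. The sketch below is an added example, not part of the original messages; the log lines are constructed, and the Snort "fast" alert format, the Postfix `relay=host[ip]` field, the year and the 30-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

PING_SIDS = {366, 384, 368}  # the three signature IDs named in the thread
# Assumed input formats: Snort "fast" alert lines and Postfix smtp client lines.
ALERT_RE = re.compile(
    r"^(\S+)\s+\[\*\*\] \[1:(\d+):\d+\] .*\{ICMP\} ([\d.]+) -> ([\d.]+)")
SMTP_RE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtp\[\d+\]: .*relay=\S+?\[([\d.]+)\]")

# Constructed sample data (documentation addresses), not taken from the thread.
SAMPLE_ALERTS = [
    "05/24-10:15:30.120000  [**] [1:366:7] ICMP PING *NIX [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.25 -> 192.0.2.10",
    "05/24-10:15:30.120000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.25 -> 192.0.2.10",
    "05/24-11:02:07.500000  [**] [1:368:6] ICMP PING BSDtype [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.77 -> 192.0.2.10",
]
SAMPLE_MAILLOG = [
    "May 24 10:15:31 mail postfix/smtp[2113]: 4F2A11C05: to=<user@example.net>, relay=mx.example.net[203.0.113.25], delay=2, status=sent (250 OK)",
    "May 24 11:40:00 mail postfix/smtp[2150]: 7B9C01C09: to=<x@example.org>, relay=mx.example.org[198.51.100.77], delay=1, status=sent (250 OK)",
]

def parse_alerts(lines, year):
    """Yield (time, sid, src_ip) for the ping signatures; the log omits the year."""
    for line in lines:
        m = ALERT_RE.match(line)
        if m and int(m.group(2)) in PING_SIDS:
            ts = datetime.strptime(f"{year}/{m.group(1)}", "%Y/%m/%d-%H:%M:%S.%f")
            yield ts, int(m.group(2)), m.group(3)

def parse_deliveries(lines, year):
    """Yield (time, relay_ip) for each outbound delivery by the Postfix smtp client."""
    for line in lines:
        m = SMTP_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2)

def correlate(alerts, maillog, year=2005, window=timedelta(seconds=30)):
    """Split ping alerts into those matching a delivery to the same IP and the rest."""
    deliveries = list(parse_deliveries(maillog, year))
    explained, unexplained = [], []
    for ts, sid, src in parse_alerts(alerts, year):
        hit = any(ip == src and abs(ts - dts) <= window for dts, ip in deliveries)
        (explained if hit else unexplained).append((sid, src))
    return explained, unexplained
```

Alerts left in the second list have no matching outbound delivery inside the window and are the ones worth a closer look.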
Current thread:
- Alerts of the ICMP relationship with smtp connection? Paulo (May 24)
- Re: Alerts of the ICMP relationship with smtp connection? Matt Jonkman (May 24)
- <Possible follow-ups>
- Re: Alerts of the ICMP relationship with smtp connection? Paulo (May 24)
- Re: Alerts of the ICMP relationship with smtp connection? Paulo (May 30)
- Re: Alerts of the ICMP relationship with smtp connection? Frank Knobbe (May 31)
- Re: Alerts of the ICMP relationship with smtp connection? Paulo (Jun 06)
- Re: Alerts of the ICMP relationship with smtp connection? Frank Knobbe (May 31)
- RE: Alerts of the ICMP relationship with smtp connection? Paulo (Jun 07)
- RE: Alerts of the ICMP relationship with smtp connection? Briggs, Bruce (Jun 07)
- RE: Alerts of the ICMP relationship with smtp connection? Paulo (Jun 07)
- RE: Alerts of the ICMP relationship with smtp connection? Briggs, Bruce (Jun 07)
- Snort Inline again.... Xavier Cabrera (Jun 07)
- RE: Alerts of the ICMP relationship with smtp connection? Paulo (Jun 08)
- RE: Alerts of the ICMP relationship with smtp connection? Paulo (Jun 10)