Snort mailing list archives

RE: 1000s of SMTP RCPT TO overflow and Speedera Pings


From: "Jeremy Junginger" <jjunginger () interactcommerce com>
Date: Wed, 14 Aug 2002 13:49:22 -0700

I don't know if this will apply to your data flows, but whenever I see
an SMTP RCPT TO OVERFLOW alert, it indicates an open SMTP relay.  Please
disregard if this offends or does not apply, but you may check the
configuration of the destination host to ensure that it is not relaying
SPAM.

-Jeremy

-----Original Message-----
From: Eric Joe [mailto:sysop () tje1 com] 
Sent: Wednesday, August 14, 2002 12:08 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] 1000s of SMTP RCPT TO overflow and Speedera Pings


I know what Speedera is (I have read their FAQ), but what I don't
understand is why Snort's default rules even count this as an alert. What
are others on the list doing with Speedera? Would it be a bad idea to
ignore it? The other top alert I am getting is SMTP RCPT TO overflow,
and the targets are mail server/DNS servers. I have manually added my
DNS servers in the snort.conf file, but still have gotten over 5600 of
these in less than 1 week. I am sure these are false alarms, but I want
to get the list's feedback on this.

Thanks in advance

-- 
Eric Joe
Network Operations
Journey's End Internet/Computer Connection Inc
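
Added example, not part of either message above: one way to triage the alert volume discussed in this thread is to break the alerts down by destination and by source/destination pair, so the destination hosts whose relay configuration is worth checking stand out. It assumes Snort's "fast" alert line layout; the sample lines, addresses, message strings and [gid:sid:rev] values are constructed placeholders.

```python
import re
from collections import Counter

# Assumed Snort "fast" alert layout: timestamp, [gid:sid:rev], message,
# optional classification/priority, {PROTO}, src[:port] -> dst[:port].
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

def parse_alerts(lines):
    """Yield one dict per well-formed alert line; skip anything else."""
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if m:
            yield m.groupdict()

def summarize(lines, needle):
    """Count alerts whose message contains `needle` (case-insensitive),
    per destination host and per (source, destination) pair."""
    per_dst, per_pair = Counter(), Counter()
    for alert in parse_alerts(lines):
        if needle.lower() in alert["msg"].lower():
            per_dst[alert["dst"]] += 1
            per_pair[(alert["src"], alert["dst"])] += 1
    return per_dst, per_pair

# Constructed sample input (documentation addresses, placeholder sids).
SAMPLE = """\
08/14-12:01:10.100000  [**] [1:1:1] SMTP RCPT TO overflow [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.7:40112 -> 192.0.2.25:25
08/14-12:01:11.200000  [**] [1:1:1] SMTP RCPT TO overflow [**] [Priority: 1] {TCP} 198.51.100.7:40113 -> 192.0.2.25:25
08/14-12:02:00.000000  [**] [1:1:1] SMTP RCPT TO overflow [**] [Priority: 1] {TCP} 203.0.113.9:2201 -> 192.0.2.25:25
08/14-12:03:00.000000  [**] [1:1:1] SMTP RCPT TO overflow [**] [Priority: 1] {TCP} 203.0.113.9:2202 -> 192.0.2.53:25
08/14-12:03:30.000000  [**] [1:2:1] ICMP PING speedera [**] [Priority: 3] {ICMP} 203.0.113.50 -> 192.0.2.53
not an alert line
"""

if __name__ == "__main__":
    per_dst, per_pair = summarize(SAMPLE.splitlines(), "RCPT TO overflow")
    for dst, n in per_dst.most_common():
        print(f"{n:6d} alerts -> {dst}")
        for (src, d), k in per_pair.most_common():
            if d == dst:
                print(f"         {k:6d} from {src}")
```

On a real sensor, pass the lines of the alert file instead of SAMPLE; the same call with the Speedera message text gives the breakdown for the ping alerts.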



