Snort mailing list archives
RE: 1000s of SMTP RCPT TO overflow and Speedera Pings
From: "Jeremy Junginger" <jjunginger () interactcommerce com>
Date: Wed, 14 Aug 2002 13:49:22 -0700
I don't know if this will apply to your data flows, but whenever I see SMTP RCPT TO OVERFLOW alert, it indicates an open SMTP relay. Please disregard if this offends or does not apply, but you may check the configuration of the destination host to ensure that it is not relaying SPAM. -Jeremy -----Original Message----- From: Eric Joe [mailto:sysop () tje1 com] Sent: Wednesday, August 14, 2002 12:08 PM To: snort-users () lists sourceforge net Subject: [Snort-users] 1000s of SMTP RCPT TO overflow and Speedera Pings I know what Speedera is (I have read their FAQ), but what I dont understand why Snorts default rules even counts this as an alert. What are others on the list doing with Speedera? Would it be a bad idea to ignore it? The other top alert I am getting is SMTP RCPT TO overflow, and the targets are mail server/DNS servers. I have manually added my DNS servers in the snort.conf file, but still have gotten over 5600 of these in less than 1 week. I am sure these are false alarms, but I want to get the lists feedback on this. Thanks in advance -- Eric Joe Network Operations Journey's End Internet/Computer Connection Inc ------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Attachment:
smime.p7s
Description:
Current thread:
- 1000s of SMTP RCPT TO overflow and Speedera Pings Eric Joe (Aug 14)
- Re: 1000s of SMTP RCPT TO overflow and Speedera Pings Ian Macdonald (Aug 14)
- <Possible follow-ups>
- RE: 1000s of SMTP RCPT TO overflow and Speedera Pings Jeremy Junginger (Aug 14)
- RE: 1000s of SMTP RCPT TO overflow and Speedera Pings Robert Schwartz (Aug 15)