Snort mailing list archives
Incomplete RPC segment - False Positives...
From: Shawn Duffy <pakkit () codepiranha org>
Date: Fri, 28 Mar 2003 19:45:18 -0500
Hello all.. I have been running snort for some time now and I am currently running snort 1.9.1 (Build 231) and my sigs were updated last on March 5th... All of a sudden however... after my last reboot, I am noticing a huge amount of alerts for Incomplete RPC Segment and Fragmented RPC Records from my mail server, source 993... yes, I am using IMAP-SSL for mail... I don't _believe_ anything has changed on the server-side and I know I haven't changed anything and I have been using this mail server via IMAP-SSL for almost a year now and have never seen this before... Anyone know why this would happen or perhaps, has anyone seen this before? Thanks in advance... Shawn -- email: pakkit at codepiranha dot org web: http://codepiranha.org/~pakkit gpg key: http://codepiranha.org/~pakkit/pakkit.asc gpg fpr: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A having problems reading email from me? http://codepiranha.org/~pakkit/pgp-trouble.html
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Incomplete RPC segment - False Positives... Shawn Duffy (Mar 28)
- Re: Incomplete RPC segment - False Positives... Erek Adams (Mar 29)