Snort mailing list archives

Incomplete RPC segment - False Positives...


From: Shawn Duffy <pakkit () codepiranha org>
Date: Fri, 28 Mar 2003 19:45:18 -0500

Hello all..

I have been running snort for some time now and I am currently running
snort 1.9.1 (Build 231) and my sigs were updated last on March 5th...
All of a sudden however... after my last reboot, I am noticing a huge
amount of alerts for Incomplete RPC Segment and Fragmented RPC Records
from my mail server, source 993... yes, I am using IMAP-SSL for mail...
I don't _believe_ anything has changed on the server-side and I know I
haven't changed anything and I have been using this mail server via
IMAP-SSL for almost a year now and have never seen this before... 
Anyone know why this would happen or perhaps, has anyone seen this
before?

Thanks in advance...
Shawn
-- 
email: pakkit at codepiranha dot org
web: http://codepiranha.org/~pakkit
gpg key: http://codepiranha.org/~pakkit/pakkit.asc
gpg fpr: 8988 6FB6 3CFE FE6D 548E  98FB CCE9 6CA9 98FC 665A
having problems reading email from me? http://codepiranha.org/~pakkit/pgp-trouble.html
