Snort mailing list archives

0 Protocol?


From: "Mike Koponick" <mkoponick () redhawk info>
Date: Fri, 1 Aug 2003 07:14:13 -0700


I was wondering if anyone has seen this type of message. It appears that
someone is connecting to our SMTP relay using protocol "0". The Cisco
PIX sees it as an Invalid protocol. Snort hasn't seen anything of this
sort (I did a search through the logs).

Is there a rule for this type of message?

2003-08-01 01:31:10 Local4.Warning 192.168.XXX.XXX %PIX-4-500004:
Invalid transport field for protocol=6, from XXX.XXX.XXX.XXX/0 to
XXX.XXX.XXX.XXX/25

Thanks in advance.

Mike

mike () redhawk info
