Snort mailing list archives

Previous By Date Next
Previous By Thread Next

smtp: Attempted command buffer overflow

From: Phil Daws <uxbod () splatnix net>
Date: Wed, 17 Apr 2013 09:06:43 +0100 (BST)
Hello,

have recently installed Snort and am beginning to see a lot of alerts from the SMTP preprocessor for SID 124:1:1.  
Looking at the payload data it shows:

0000000: 45 48 4c 4f 20 6c 69 73 74 73 2e 73 6f   75 72 63 65 66 6f 72 67 65 2e 6e 65 74  EHLO.lists.sourceforge.net
000001A: 0d 0a                                                                            ..

this to an untrained eye looks okay so why would it be tripping the test ?

Thanks.

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: