Snort mailing list archives
SMTP_Header_Name_Overflow
From: Majed <majed15 () gmail com>
Date: Fri, 11 Jul 2014 16:52:46 +0300
Dears,

I am getting too many events after enabling the SMTP preprocessors. Here is a sample event capture:

    Transmission Control Protocol (Src Port: 51803 (51803), Dst Port: 25 (25), Seq: 1, Ack: 1, Len: 1460)
        Source port 51803 (51803)
        Destination port 25 (25)
        Stream index 0
        Sequence number 1 (relative sequence number)
        Next sequence number 1461 (relative sequence number)
        Acknowledgment number 1 (relative ack number)
        Header length 20 bytes
        Flags
            000. .... .... = Reserved: Not set
            ...0 .... .... = Nonce: Not set
            .... 0... .... = Congestion Window Reduced (CWR): Not set
            .... .0.. .... = ECN-Echo: Not set
            .... ..0. .... = Urgent: Not set
            .... ...1 .... = Acknowledgment: Set
            .... .... 0... = Push: Not set
            .... .... .0.. = Reset: Not set
            .... .... ..0. = Syn: Not set
            .... .... ...0 = Fin: Not set
        Window size value 255
        Calculated window size 255
        Window size scaling factor -1 (unknown)
        Checksum
            Good Checksum: False
            Bad Checksum: False
        Bytes in flight: 1460
    Simple Mail Transfer Protocol
        Command: \003\265\030\266
        Request parameter [truncated]: \215o&I\336\332\213\267\367\203j\311w@\263D\300\333\336\201\215\220\273\263v\207\330\005 8\331\353$\2707\220u\255\b\272G\020\312\255\033i\205$4X\004\033\223\305\3743\204\210\343k\222\352L\022>\300aB\371'\260\
        Command Line
            Command: \230\213\034z
            Request parameter: V_\247Wq\3035\224y@6c\341\211;\345\205\323\242\347\\235\257\006\352=\377\316C@!\362\345q.|\213\271\204:\357\362\347M\265\346\341\006\251X
        Command Line
            Command: \257\277\376\202
            Request parameter: U\371\362\236\177D\205\b\224\302,\350Q\250\355%\375\363^D
        Command Line
            Command: 1\336\a6
            Request parameter: 2\004\214\034,\310#\254Hg^\207\037\375\262j\360-\205\035\266\371\v\230a\335\373pf\305\360!\aST\273_P\375\001\004\376\200\277\202\337g*\316\210\024[&*\213_$\a}\250\335\217\244\357\342\274\206q\t\235\220\357\267
        Command Line
            Command: \245\024\217o
            Request parameter: \272\300\326\255\245\247\243z)J\352d\351\v\337\206\333\367>\364\250\253\261\026~\335r=\342itz\024\204\001w\207\2422\004\326\206\210\f\234\247` C
        Command Line
            Command: I\263\017m
            Request parameter:

I am wondering if there is any way to get rid of these alerts without disabling the Prep.