Snort mailing list archives

SMTP_Header_Name_Overflow


From: Majed <majed15 () gmail com>
Date: Fri, 11 Jul 2014 16:52:46 +0300

Dears,

I am getting too many events after enabling the SMTP Preprocessors.

Here is a sample event capture:


Transmission Control Protocol (Src Port: 51803 (51803), Dst Port: 25 (25), Seq: 1, Ack: 1, Len: 1460)
Source port     51803 (51803)
Destination port        25 (25)
Stream index    0
Sequence number 1 (relative sequence number)
Next sequence number    1461 (relative sequence number)
Acknowledgment number   1 (relative ack number)
Header length   20 bytes
Flags   
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
Window size value       255
Calculated window size  255
Window size scaling factor      -1 (unknown)
Checksum        
Good Checksum: False
Bad Checksum: False
Bytes in flight: 1460
Simple Mail Transfer Protocol
Command: \003\265\030\266
Request parameter [truncated]: \215o&I\336\332\213\267\367\203j\311w@\263D\300\333\336\201\215\220\273\263v\207\330\005 
8\331\353$\2707\220u\255\b\272G\020\312\255\033i\205$4X\004\033\223\305\3743\204\210\343k\222\352L\022>\300aB\371'\260\
Command Line    
Command: \230\213\034z
Request parameter: 
V_\247Wq\3035\224y@6c\341\211;\345\205\323\242\347\\235\257\006\352=\377\316C@!\362\345q.|\213\271\204:\357\362\347M\265\346\341\006\251X
Command Line    
Command: \257\277\376\202
Request parameter: U\371\362\236\177D\205\b\224\302,\350Q\250\355%\375\363^D
Command Line    
Command: 1\336\a6
Request parameter: 
2\004\214\034,\310#\254Hg^\207\037\375\262j\360-\205\035\266\371\v\230a\335\373pf\305\360!\aST\273_P\375\001\004\376\200\277\202\337g*\316\210\024[&*\213_$\a}\250\335\217\244\357\342\274\206q\t\235\220\357\267
Command Line    
Command: \245\024\217o
Request parameter: 
\272\300\326\255\245\247\243z)J\352d\351\v\337\206\333\367>\364\250\253\261\026~\335r=\342itz\024\204\001w\207\2422\004\326\206\210\f\234\247`
 C
Command Line    
Command: I\263\017m
Request parameter: 





I am wondering if there is any way to get rid of these alerts without disabling the Prep.
