Home page logo

snort logo Snort mailing list archives

smtp: Attempted command buffer overflow
From: Phil Daws <uxbod () splatnix net>
Date: Wed, 17 Apr 2013 09:06:43 +0100 (BST)


have recently installed Snort and am beginning to see a lot of alerts from the SMTP preprocessor for SID 124:1:1.  
Looking at the payload data it shows:

0000000: 45 48 4c 4f 20 6c 69 73 74 73 2e 73 6f   75 72 63 65 66 6f 72 67 65 2e 6e 65 74  EHLO.lists.sourceforge.net
000001A: 0d 0a                                                                            ..

this to an untrained eye looks okay so why would it be tripping the test ?


Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]