Snort mailing list archives

Swatch + Snort: SMTP HELO overflow attempt


From: jo cam <jo.cam () caramail com>
Date: Wed, 23 Oct 2002 17:40:58 GMT+1

Hi,

Thanks for your help. The following mail command seems to work
fine:

mail jo.cam () caramail com,subject=Snort_Alert

But Snort generates the following alerts:
- "HELO overflow attempt [Classification: Attempted
Administrator Privilege Gain] [Priority: 1]: {TCP}" from my
workstation to the SMTP server
- "spp_portscan: PORTSCAN DETECTED" from my DNS server

In my snort.conf I had the following configuration:
var DNS_SERVERS ip_of_my_dns_server/32
preprocessor portscan: 0.0.0.0/0 4 3 /path_to_portscan.log
preprocessor portscan-ignorehosts: $DNS_SERVERS

So how can I set up my config to reduce these alerts?

Regards,

JO