|
|
SMTP PreProc Woes: msg#00017security.ids.snort.devel
FYI: I seem to be getting a lot of false "smtp: Attempted specific command buffer overflow" alerts when using the libsf_smtp_preproc in snort 2.6.0. I am using the std config options. preprocessor smtp: \ ports { 25 } \ inspection_type stateful \ normalize cmds \ normalize_cmds { EXPN VRFY RCPT } \ alt_max_command_line_len 260 { MAIL } \ alt_max_command_line_len 300 { RCPT } \ alt_max_command_line_len 500 { HELP HELO ETRN } \ alt_max_command_line_len 255 { EXPN VRFY } For now I've added no_alerts to my config. If you need any information, please let me know. Bammkkkk -- sguil - The Analyst Console for NSM http://sguil.sf.net ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Availability of Snort v2.6.0.1 final and v2.6.1 beta: 00017, Snort Releases |
|---|---|
| Next by Date: | FTP PrePreproc Alerts: 00017, Bamm Visscher |
| Previous by Thread: | Availability of Snort v2.6.0.1 final and v2.6.1 betai: 00017, Snort Releases |
| Next by Thread: | Re: SMTP PreProc Woes: 00017, Andrew Mullican |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |