Mailinglist Archive: opensuse-security (685 mails)

Re: [suse-security] What's this one from lists2.suse.com ?
  • From: Christopher Mahmood <ckm@xxxxxxxx>
  • Date: Tue, 12 Feb 2002 13:29:39 -0800
  • Message-id: <20020212212938.GN4890@xxxxxxxxxxxxxxxxxx>
* Thomas Lamy (Thomas.Lamy@xxxxxxxxxx) [020212 12:52]:
> being subscribed to a few SuSE mailing lists and running snort, I noticed
> this alert:
>
> Feb 12 20:07:11 argus snort: [1:654:1] SMTP RCPT TO overflow
> [Classification: Attempted Administrator Privilege Gain] [Priority: 1]:
> {TCP} 202.58.118.7:4340 -> <my smtp server>:25

:) If only my life were that exciting....

> @argus:~ > host 202.58.118.7
> 7.118.58.202.IN-ADDR.ARPA domain name pointer lists2.suse.com
>
> From the snort rules file this indicates a RCPT TO: line with more than 800
> chars length, which I think is pretty unusual for list messages

It's not unusual to see envelope froms that are over 100 characters
with ezmlm but I can't believe the 800. Please send mail logs to
ml-admin@xxxxxxxx if you're sure that the length isn't being
misinterpreted.

--

-ckm
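
The check requested above can be made concrete, as an added example that is not part of the original message: measure each RCPT TO command line on its own, separately from the size of the data that carried it. The payloads, addresses and function names are constructed for illustration; the 800-character threshold is the one quoted in the thread.

```python
import re

LIMIT = 800  # threshold quoted in the thread for the alert

# One SMTP "RCPT TO:" command line, matched case-insensitively.
RCPT_RE = re.compile(rb"^rcpt to:\s*(<[^>]*>|\S*)", re.IGNORECASE)


def rcpt_lines(payload: bytes):
    """Return (line_length, forward_path) for each RCPT TO command line."""
    found = []
    for line in re.split(rb"\r?\n", payload):
        if line.strip().upper() == b"DATA":
            break  # what follows is message content, not SMTP commands
        m = RCPT_RE.match(line)
        if m:
            found.append((len(line), m.group(1).decode("ascii", "replace")))
    return found


def triage(payload: bytes, limit: int = LIMIT):
    """Report payload size and longest RCPT TO line as separate facts."""
    lines = rcpt_lines(payload)
    longest = max((n for n, _ in lines), default=0)
    return {
        "payload_len": len(payload),
        "rcpt_count": len(lines),
        "longest_rcpt_line": longest,
        "payload_over_limit": len(payload) > limit,
        "rcpt_over_limit": longest > limit,
    }


def sample_pipelined() -> bytes:
    """Constructed: a list server pipelining one sender and 30 recipients."""
    sender = b"MAIL FROM:<list-return-42-user=example.invalid@lists.example.invalid>\r\n"
    rcpts = b"".join(b"RCPT TO:<user%02d@example.invalid>\r\n" % i for i in range(30))
    return sender + rcpts + b"DATA\r\n"


def sample_long_rcpt() -> bytes:
    """Constructed: a single RCPT TO line that really exceeds the limit."""
    return b"RCPT TO:<" + b"a" * 900 + b"@example.invalid>\r\n"


if __name__ == "__main__":
    for name, data in (("pipelined", sample_pipelined()), ("long", sample_long_rcpt())):
        print(name, triage(data))
```

In the pipelined sample the payload is over 800 bytes while no single RCPT TO line is; only the second sample has a recipient line over the threshold.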
