Mailinglist Archive: opensuse-security (685 mails)

What's this one from lists2.suse.com ?
  • From: Thomas Lamy <Thomas.Lamy@xxxxxxxxxx>
  • Date: Tue, 12 Feb 2002 21:49:58 +0100
  • Message-id: <656F04F343FC25409463829A15B5FDDC08AE69@xxxxxxxxxxxxxxxxxxxxx>
Hi listers,

being subscribed to a few SuSE mailing lists and running snort, I noticed
this alert:

Feb 12 20:07:11 argus snort: [1:654:1] SMTP RCPT TO overflow
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]:
{TCP} 202.58.118.7:4340 -> <my smtp server>:25

@argus:~ > host 202.58.118.7
7.118.58.202.IN-ADDR.ARPA domain name pointer lists2.suse.com

From the snort rules file this indicates an RCPT TO: line with more than 800
chars in length, which I think is pretty unusual for list messages.

What's going on there ? Or has anyone running snort had false positives on
this one ?


Thomas
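
A triage check for the alert discussed above, added here as an example and not part of the original message: it measures every RCPT TO line in the client side of a captured SMTP session against the 800-character figure the message cites, and also reports the total size of the command burst, so one oversized line can be told apart from many short recipients sent back to back. The function names, verdict labels and sample sessions are constructed for illustration.

```python
THRESHOLD = 800  # RCPT TO line length the message cites for this alert


def triage(client_stream: bytes, threshold: int = THRESHOLD) -> dict:
    """Measure the RCPT TO lines in the client side of one SMTP session."""
    rcpt_lengths = []
    envelope_bytes = 0
    for line in client_stream.splitlines():
        command = line.strip().upper()
        if command == b"DATA":
            break  # what follows is message content, not SMTP commands
        envelope_bytes += len(line) + 2  # include the CRLF terminator
        if command.startswith(b"RCPT TO:"):
            rcpt_lengths.append(len(line))
    oversized = sum(1 for n in rcpt_lengths if n > threshold)
    if oversized:
        verdict = "oversized-line"      # a single RCPT TO exceeds the threshold
    elif envelope_bytes > threshold:
        verdict = "large-burst-only"    # many short commands, none too long
    else:
        verdict = "below-threshold"
    return {
        "rcpt_count": len(rcpt_lengths),
        "longest_rcpt": max(rcpt_lengths, default=0),
        "oversized_rcpt": oversized,
        "envelope_bytes": envelope_bytes,
        "verdict": verdict,
    }


def build_session(recipients, body=b"hello"):
    """Constructed sample: client bytes of one session, commands back to back."""
    lines = [b"EHLO lists.example.org", b"MAIL FROM:<bounce@lists.example.org>"]
    lines += [b"RCPT TO:<" + r + b">" for r in recipients]
    lines += [b"DATA", body, b".", b"QUIT"]
    return b"\r\n".join(lines) + b"\r\n"


# Constructed inputs: a list server delivering to 40 local subscribers,
# and a session whose single recipient line is longer than the threshold.
LIST_BURST = build_session([b"user%02d@example.org" % i for i in range(40)],
                           body=b"rcpt to: quoted inside the message body")
LONG_LINE = build_session([b"A" * 900 + b"@example.org"])

if __name__ == "__main__":
    for name, stream in (("list burst", LIST_BURST), ("long line", LONG_LINE)):
        print(name, triage(stream))
```

To use it on real traffic, feed it the reassembled client-to-server bytes of the session that raised the alert.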

