On Thu, 12 Jul 2001, Martin Domig wrote:
> Hello
>
> As I am using snort I keep getting many warnings in my logfiles which I
> don't know what they mean. For example the following entry:
>
> Jul 11 01:17:46 keeper snort[6079]: IDS266 - CAN-1999-0261 - SMTP Chameleon
> Overflow: xxx.xxx.xxx.xxx:44772 -> yyy.yyy.yyy.yyy:25
Again you might want to check out the rule itself and the stream/packet
content. Some rules are prone to false positives.
> This tells me that someone is doing funny stuff to my mailserver (I keep
> getting those all the time), but I don't know what is causing this entry
> and how "dangerous" this "attack" is. Is there any resource where I can
> search for snort warnings (those IDSxxx codes) and look up more information
> about a single snort rule?
You can check out these IDS(\d+) at www.whitehats.com where you can
also find new rules and updates to older ones.
greets
Jigal
--
I can run [EMAIL PROTECTED] with total impunity! FORTY-TWO !
- cerebro <played by erwin in a DEC Alpha GS320>
