On Thu, 12 Jul 2001, Martin Domig wrote:

> Hello
>
> As I am using snort I keep getting many warnings in my logfiles which I
> don't know what they mean. For example the following entry:
>
> Jul 11 01:17:46 keeper snort[6079]: IDS266 - CAN-1999-0261 - SMTP Chameleon
> Overflow: xxx.xxx.xxx.xxx:44772 -> yyy.yyy.yyy.yyy:25

Again you might want to check out the rule itself and the stream/packet
content. Some rules are prone to false positives.

> This tells me that someone is doing funny stuff to my mailserver (I keep
> getting those all the time), but I don't know what is causing this entry
> and how "dangerous" this "attack" is. Is there any resource where I can
> search for snort warnings (those IDSxxx codes) and look up more information
> about a single snort rule?

You can check out these IDS(\d+) at www.whitehats.com where you can also
find new rules and updates to older ones.

greets
Jigal

--
I can run [EMAIL PROTECTED] with total impunity!
FORTY-TWO !
- cerebro <played by erwin in a DEC Alpha GS320>
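
Added example (not part of the original message and not snort's own code): a Python parser for the syslog alert format quoted in the thread. It pulls out the IDSnnn number to look up, the CAN candidate and the endpoints, then counts repeats per source so recurring alerts can be checked against the rule and the packet content. Only the first sample line comes from the thread; the others are constructed.

```python
import re
from collections import Counter

# syslog prefix, "snort[pid]:", alert message, then "src[:port] -> dst[:port]"
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssnort\[\d+\]:\s"
    r"(?P<msg>.+):\s(?P<src>[\w.]+)(?::(?P<sport>\d+))?\s->\s"
    r"(?P<dst>[\w.]+)(?::(?P<dport>\d+))?\s*$"
)
IDS_RE = re.compile(r"^IDS(\d+)$")
CVE_RE = re.compile(r"^(?:CAN|CVE)-\d{4}-\d+$")

def parse_alert(line):
    """Return a dict for a snort syslog alert line, or None for other lines."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    alert = m.groupdict()
    alert["ids"] = alert["cve"] = None
    name_parts = []
    for part in alert.pop("msg").split(" - "):
        if IDS_RE.match(part):
            alert["ids"] = IDS_RE.match(part).group(1)
        elif CVE_RE.match(part):
            alert["cve"] = part
        else:
            name_parts.append(part)
    alert["name"] = " - ".join(name_parts)
    for key in ("sport", "dport"):  # ICMP alerts carry no ports
        alert[key] = int(alert[key]) if alert[key] else None
    return alert

def summarize(lines):
    """Count alerts per (IDS number, rule name, source, destination port)."""
    counts = Counter()
    for line in lines:
        a = parse_alert(line)
        if a:
            counts[(a["ids"], a["name"], a["src"], a["dport"])] += 1
    return counts.most_common()

# First line is the entry quoted in the thread; the rest are constructed samples.
SAMPLE = [
    "Jul 11 01:17:46 keeper snort[6079]: IDS266 - CAN-1999-0261 - SMTP Chameleon Overflow: xxx.xxx.xxx.xxx:44772 -> yyy.yyy.yyy.yyy:25",
    "Jul 11 01:19:02 keeper snort[6079]: IDS266 - CAN-1999-0261 - SMTP Chameleon Overflow: xxx.xxx.xxx.xxx:44790 -> yyy.yyy.yyy.yyy:25",
    "Jul 11 01:20:15 keeper snort[6079]: constructed ICMP alert without ports: 192.0.2.7 -> 198.51.100.9",
    "Jul 11 01:21:40 keeper sendmail[6101]: constructed non-snort line: ignored",
]
```

A source that produces the same signature many times against one port is the case where reading the rule and the captured payload, as suggested in the reply, settles whether it is a false positive.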