On Tue, Jun 11, 2002 at 10:18:10AM +0200, Ben-Nes Michael wrote:
> Hi All
>
> Snort is giving me this message every time my primary mail server (exim)
> forward a mail to a local one (also exim)
>
> Jun 10 19:45:34 fr snort[858]: [1:654:3] SMTP RCPT TO overflow
> [Classification: Attempted Administrator Privilege Gain] [Priority: 1]:
> {TCP} 194.90.15.2:1417 -> 194.90.15.162:25
Not off-hand, but fortunately, snort maintains logs containing the
suspicious packets. Just look at the offending packet and compare it
to the snort rule.
Regards, Yotam Rubin
>
>
> Any idea whats its all about ?
>
>
>
> =================================================================
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]
>
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
