[Snort-users] IMAP Auth Literal Overflow
This is a discussion on [Snort-users] IMAP Auth Literal Overflow within the Snort forums, part of the System Security and Security Related category; Hello List, I have found recently "imapd: Login failed user=admin auth=admin host=natserver..." lines in the ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
05-11-2004
|
|||
|
|||
[Snort-users] IMAP Auth Literal Overflow
Hello List,
I have found recently "imapd: Login failed user=admin auth=admin host=natserver..." lines in the mail server logs. The point of concern is that sometimes it appears very frequently. ( 1 line / 2 sec) imapd IMAP4REV1 snort 2.1.3RC1 First I want some help to frame a rule in the snort to find the source of the problem. Second I have also observed a lot of "IMAP AUTH literal Overflow " alerts in the snort logs. Does this signify some alerting situation? How do I go about tracing the source of the problem. Regards Sonika ------------------------------------------------------- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg...rom=osdnemail3 _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
