  NNTP return code buffer overflow attempt (Message 1 to 3 of 3)  
From: Rick [Kitty5]
Subject: NNTP return code buffer overflow attempt
Date: 21 Feb 2003 08:26:20
Message: <3e5628fc$1@news.povray.org>
Why is the povray.org news server filling my snort logs with

Date:02/21 13:09:51
Name:NNTP return code buffer overflow attempt
Priority:3
Type:Generic Protocol Command Decode
IP info: 204.213.191.226:119 -> 217.40.234.228:63679
References: none found
SID: 1792

http://www.snort.org/snort-db/sid.html?sid=1792

--
Rick

Kitty5 NewMedia http://Kitty5.co.uk
POV-Ray News & Resources http://Povray.co.uk
TEL : +44 (01270) 501101 - FAX : +44 (01270) 251105 - ICQ : 15776037

PGP Public Key
http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x231E1CEA



From: Thorsten Froehlich
Subject: Re: NNTP return code buffer overflow attempt
Date: 22 Feb 2003 04:46:43
Message: <3e574703@news.povray.org>
In article <3e5628fc$1@news.povray.org> , "Rick [Kitty5]" <ric### [at] kitty5com>
wrote:

> Why is the povray.org news server filling my snort logs with

Because your intrusion detection system is defective and reporting nonsense?

    Thorsten

____________________________________________________
Thorsten Froehlich, Duisburg, Germany
e-mail: tho### [at] trfde

Visit POV-Ray on the web: http://mac.povray.org



From: Jaime Vives Piqueres
Subject: Re: NNTP return code buffer overflow attempt
Date: 22 Feb 2003 05:21:19
Message: <20030222112118.2be10467.jaimevives@ignorancia.org>
On Fri, 21 Feb 2003 13:21:26 -0000
"Rick [Kitty5]" <ric### [at] kitty5com> wrote:

> Why is the povray.org news server filling my snort logs with

  A look at the snort rule quickly reveals that anything containing
"200 " and with a size >100, will be logged. An IDS is not an AI system,
it depends on the maintainer to investigate and remove false positives.
It's hard work, but at some point you will have it nicely configured
to not report too many false positives.

-- 
Jaime Vives Piqueres
		
La Persistencia de la Ignorancia
http://www.ignorancia.org
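
The false positive described in the reply above, as an added example that is not part of the original thread and is not the actual text of SID 1792: `naive_match` models the rule only as the reply characterizes it ("200 " anywhere, size over 100), and `tuned_match` is a hypothetical tightening that inspects only the first response line. The 512-byte limit, the function names and all sample payloads are assumptions constructed for illustration.

```python
# Added illustration. The matching logic follows the reply's description of the
# rule, not the real Snort rule text; thresholds and samples are constructed.
MIN_SIZE = 100      # "size >100", per the reply
LINE_LIMIT = 512    # hypothetical tuning threshold for a single status line


def naive_match(payload: bytes) -> bool:
    """Rule as described in the reply: contains '200 ' and is larger than 100 bytes."""
    return b"200 " in payload and len(payload) > MIN_SIZE


def tuned_match(payload: bytes, limit: int = LINE_LIMIT) -> bool:
    """Hypothetical tightening: alert only when the first line is a '200 '
    status reply that runs past `limit` bytes before any line terminator."""
    first_line = payload.split(b"\n", 1)[0].rstrip(b"\r")
    return first_line.startswith(b"200 ") and len(first_line) > limit


# Constructed server-to-client payloads (not captured traffic).
SAMPLES = {
    # Ordinary but wordy greeting banner: the benign case from the thread.
    "long_banner": b"200 news.example.org InterNetNews NNRP server ready - "
                   b"please read the acceptable use policy before posting (posting ok)\r\n",
    "short_banner": b"200 news.example.org ready\r\n",
    # Article text that merely happens to contain the bytes "200 ".
    "article_body": b"220 0 <id@example.org> article\r\n"
                    + b"Rendered at 1200 x 900 in 200 seconds. " * 4,
    # Status line with no terminator and an abnormal length.
    "oversized_reply": b"200 " + b"A" * 2000,
}


def evaluate(samples=SAMPLES):
    """Return {name: (naive_alert, tuned_alert)} for each sample payload."""
    return {name: (naive_match(p), tuned_match(p)) for name, p in samples.items()}


if __name__ == "__main__":
    for name, (naive, tuned) in evaluate().items():
        print(f"{name:16} naive={naive!s:5} tuned={tuned}")
```

The wordy banner and the article body both trip the broad match while being normal traffic; only the unterminated, oversized status line survives the narrower check.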



Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.