|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Snort SMTP expn-root
From: Oxenreider, Jeff (jox
SAFELITE.COM)Date: Thu Jul 06 2000 - 07:24:14 CDT
- Next message: Patrick Oonk: "version.bind from zen.isi.edu"
- Previous message: Dan Hollis: "Re: scan log and subsequent response from the host's ISP"
- Next in thread: Bill Pennington: "Re: Snort SMTP expn-root"
- Reply: Bill Pennington: "Re: Snort SMTP expn-root"
- Reply: Rob Wilson: "Re: Snort SMTP expn-root"
- Reply: dyer: "Re: Snort SMTP expn-root"
- Reply: Joe McAlerney: "Re: Snort SMTP expn-root"
- Reply: Fernando Cardoso: "Re: Snort SMTP expn-root"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Last night at around 7pm EST I got these two log entries from my IDS server.
Jul 5 19:06:33 IDS snort[340]: IDS31/SMTP-expn-root: 207.126.127.68:53244
-> XXX.XXX.XXX.10:25
Jul 5 19:06:33 IDS snort[340]: IDS31/SMTP-expn-root: 207.126.127.68:53244
-> XXX.XXX.XXX.10:25
Weird thing is that originating IP address is "lists.securityfocus.com".
I've been on these lists for over a month and this is the first time I've
ever seen this message come up in my IDS.
Anyone know why this may occur that I'm missing?
Jeffrey A. Oxenreider
Network Security Analyst
Safelite Glass Corp
- Next message: Patrick Oonk: "version.bind from zen.isi.edu"
- Previous message: Dan Hollis: "Re: scan log and subsequent response from the host's ISP"
- Next in thread: Bill Pennington: "Re: Snort SMTP expn-root"
- Reply: Bill Pennington: "Re: Snort SMTP expn-root"
- Reply: Rob Wilson: "Re: Snort SMTP expn-root"
- Reply: dyer: "Re: Snort SMTP expn-root"
- Reply: Joe McAlerney: "Re: Snort SMTP expn-root"
- Reply: Fernando Cardoso: "Re: Snort SMTP expn-root"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]