Disabling smtp: Attempted command buffer overflow.
118 views
Skip to first unread message
aaron9615
Oct 4, 2016, 11:24:21 AM10/4/16
to security-onion
I would like to disable the following alert smtp: Attempted command buffer overflow. The alert will not show in SQUERT only SGUIL, from what I gather the alert SID is 124. I have disabled that alert but I am still getting email alerts about this threat, does anyone know how to disable this alert?
Aaron
Aaron
Wes
Oct 4, 2016, 12:47:32 PM10/4/16
to security-onion
On Tuesday, October 4, 2016 at 11:24:21 AM UTC-4, aaron9615 wrote:
> I would like to disable the following alert smtp: Attempted command buffer overflow. The alert will not show in SQUERT only SGUIL, from what I gather the alert SID is 124. I have disabled that alert but I am still getting email alerts about this threat, does anyone know how to disable this alert?
>
> Aaron
> I would like to disable the following alert smtp: Attempted command buffer overflow. The alert will not show in SQUERT only SGUIL, from what I gather the alert SID is 124. I have disabled that alert but I am still getting email alerts about this threat, does anyone know how to disable this alert?
>
> Aaron
Aaron,
This appears to be a preprocessor. You may want to see:
http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node17.html#SECTION00328000000000000000
Thanks,
Wes
Reply all
Reply to author
Forward
0 new messages