Snort mailing list archives
Re: SMTP rule needed
From: Andreu.Gomez () keisa intrakom com
Date: Wed, 10 Apr 2002 09:31:07 +0100
Would this catch traffic going to 'hotmail' as well? Thanks anyway it seems to work Paul
No, I don't think so. Hotmail is a web based email service, so it doesn't use port 25. To do so you should write a new rule, something like alert tcp any any -> any 80(msg:"Hotmail access";content:"hotmail.com"; flags: A+; nocase; classtype:misc-activity;) Bear in mind that hotmail has several servers like law4.lc3.hotmail.com so it's difficult to set up a new rule only for hotmail. If you knew all its IP addresses... I hope this is useful for you andreu _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- SMTP rule needed Paul . Simons (Apr 09)
- Re: SMTP rule needed Matt Kettler (Apr 09)
- <Possible follow-ups>
- Re: SMTP rule needed Paul . Simons (Apr 09)
- Re: SMTP rule needed Andreu . Gomez (Apr 10)
- RE: SMTP rule needed Wirth, Jeff (Apr 10)