Snort mailing list archives
(no subject)
From: "C Boss" <cboss99 () hotmail com>
Date: Wed, 24 Apr 2002 16:43:37 -0400
Hello,

The following rule:

alert tcp $EXTERNAL_NET any -> $SMTP 25 (msg:"SMTP RCPT TO overflow"; flags:A+; content:"rcpt to|3a|"; dsize:>800; reference:cve,CAN-2001-0260; reference:bugtraq,2283; classtype:attempted-admin; sid:654; rev:1;)

is it looking at the data size of the SMTP "content" field or the size of the payload?
Thanks.
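The following is an added example, not part of the original message and not Snort's own code: a simplified Python model of the three detection options in the rule above, assuming (per the Snort documentation) that dsize tests the size of the whole packet payload rather than the span matched by content. The function names and sample payloads are constructed for illustration.

```python
# Simplified model of the detection options in sid:654 (illustrative, not Snort's code).
ACK = 0x10
PSH = 0x08
SYN = 0x02


def flags_a_plus(tcp_flags: int) -> bool:
    """flags:A+ -> ACK must be set; any other flags may be set as well."""
    return bool(tcp_flags & ACK)


def content_match(payload: bytes, pattern: bytes) -> bool:
    """content: -> the byte pattern appears somewhere in the packet payload."""
    return pattern in payload


def dsize_gt(payload: bytes, limit: int) -> bool:
    """dsize:>N -> length of the entire packet payload, wherever content matched."""
    return len(payload) > limit


def rule_654(tcp_flags: int, payload: bytes) -> bool:
    """All options must hold for the rule to alert."""
    return (flags_a_plus(tcp_flags)
            and content_match(payload, b"rcpt to\x3a")  # |3a| is ':'
            and dsize_gt(payload, 800))


# Constructed sample payloads (not captured traffic).
LONG_ARGUMENT = b"rcpt to:<" + b"a" * 900 + b"@example.com>\r\n"
SHORT_ARGUMENT_BIG_PACKET = (b"rcpt to:<user@example.com>\r\n"
                             + b"X-Pad: " + b"b" * 900 + b"\r\n")
SHORT_PACKET = b"rcpt to:<user@example.com>\r\n"


def evaluate_samples() -> dict:
    """Return the rule verdict for each constructed sample."""
    return {
        "long argument": rule_654(ACK | PSH, LONG_ARGUMENT),
        "short argument, big packet": rule_654(ACK | PSH, SHORT_ARGUMENT_BIG_PACKET),
        "short packet": rule_654(ACK | PSH, SHORT_PACKET),
        "long argument, SYN only": rule_654(SYN, LONG_ARGUMENT),
    }


if __name__ == "__main__":
    for name, alerted in evaluate_samples().items():
        print(f"{name}: {'alert' if alerted else 'no alert'}")
```

In this model the second sample alerts even though its RCPT TO argument is short, because dsize is compared against the full payload length.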