Snort mailing list archives
Re: Content Inspection Rule for SMT
From: "larc" <larc () pandora be>
Date: Mon 11 Nov 2002 14:22:55 +0100
Something like this. For SMTP: alert tcp any any -> $SMTP_SERVERS 25( sid: 1000001; rev: 1; msg: "SMTP blablabla content found"; flow: to_server,established; content: "blablabla";) For pop3: alert tcp $HOME_NET any -> $POP3_SERVERS 110( sid: 1000002; rev: 1; msg: "POP3 blablabla content found"; flow: to_server,established; content: "blablabla";) Regards, Stefan D. ------------------------ Atul Shrivastava <atul_iet () yahoo com> wrote: ------------------------ Hi,
Can anyone tell me that how can we make a content inspection rule for the SMTP and POP3 traffic. Thanks in advance. Regards and have a nice day, Atul Shrivastava --------------------------------- Do you Yahoo!? U2 on LAUNCH - Exclusive medley & videos from Greatest Hits CD Hi, Can anyone tell me that how can we make a content inspection rule for the SMTP and POP3 traffic. Thanks in advance. Regards and have a nice day, Atul Shrivastava Do you Yahoo!? U2 on LAUNCH - Exclusive medley & videos from Greatest Hits CD
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Content Inspection Rule for SMT larc (Nov 11)