Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Content Inspection Rule for SMT

From: "larc" <larc () pandora be>
Date: Mon 11 Nov 2002 14:22:55 +0100
Something like this.
For SMTP:
alert tcp any any -> $SMTP_SERVERS 25( sid: 1000001; rev: 1; msg: "SMTP blablabla content found"; flow: 
to_server,established; content: "blablabla";)

For pop3:
alert tcp $HOME_NET any -> $POP3_SERVERS 110( sid: 1000002; rev: 1; msg: "POP3 blablabla content found"; flow: 
to_server,established; content: "blablabla";)

Regards,
Stefan D.

------------------------
 Atul Shrivastava <atul_iet () yahoo com> wrote:
------------------------
Hi,


Can anyone tell me that how can we make a content inspection rule for the SMTP and POP3 traffic.

Thanks in advance.

Regards and have a nice day,

                                              Atul Shrivastava









---------------------------------
Do you Yahoo!?
U2 on LAUNCH - Exclusive medley & videos from Greatest Hits CD

Hi,
Can anyone tell me that how can we make a content inspection rule for the SMTP and POP3 traffic.
Thanks in advance.
Regards and have a nice day,
 Atul Shrivastava


Do you Yahoo!?
U2 on LAUNCH - Exclusive medley & videos from Greatest Hits CD





-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: