Security Basics mailing list archives

RE: detecting SMTP engine behaviour

From: "Greg owens" <gowens () covad net>
Date: Mon, 1 May 2006 10:25:11 -0400

I created a custom signature to detect  all SMTP not authorized 

Greg Owens, CCNP CCSP CISSP
Telephone: 202-489-5252
Email:gowens () covad net
--------------------------
Sent from my Samsung I730 Wireless Handheld



-----Original Message-----
   >From: "ahmad mubarak"<gosi.infosec () gmail com>
   >Sent: 5/1/06 7:22:28 AM
   >To: "security-basics () securityfocus com"<security-basics () securityfocus com>
   >Subject: detecting SMTP engine behaviour
     >hi all
   >
   >as you know new viruses use SMTP Engine techniques to distrpute itself
   >to other machines and email addresses they find  when scanning the
   >hard drives and mapped drives.
   >
   >is there any way to detect the malformed SMTP traffic and the source
   >address of machine host the worm or the SMTP engine since the worms
   >use different sender account not related to the same source machine
   >accounts.
   >
   >-------------------------------------------------------------------------
   >This List Sponsored by: Webroot
   >
   >Don't leave your confidential company and customer records un-protected. 
   >Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no 
   >obligation. See why so many companies trust Spy Sweeper Enterprise to 
   >eradicate spyware from their networks.
   >FREE 30-Day Trial of Spy Sweeper Enterprise
   >
   >http://www.webroot.com/forms/enterprise_lead.php
   >--------------------------------------------------------------------------
   >
   >
   >


-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected. 
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no 
obligation. See why so many companies trust Spy Sweeper Enterprise to 
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------

Current thread:

detecting SMTP engine behaviour ahmad mubarak (May 01)
- Re: detecting SMTP engine behaviour ahmad mubarak (May 02)
- Re: detecting SMTP engine behaviour xyberpix (May 04)
- <Possible follow-ups>
- RE: detecting SMTP engine behaviour Greg owens (May 01)
- Re: detecting SMTP engine behaviour nasim_chowdhury (May 01)