Security Basics mailing list archives
Re: detecting SMTP engine behaviour
From: xyberpix <xyberpix () xyberpix com>
Date: Thu, 4 May 2006 19:16:54 +0100
If you have any IDS kit then you should be able to write a custom signature to pick up any SMTP traffic not coming from your specified mail servers. Another option would be to get your firewall to alert you when it sees any SMTP traffic coming from anything aside from the "real" hosts.
HTH
xyberpix
Blog: http://blogs.securiteam.com
On 1 May 2006, at 12:22, ahmad mubarak wrote:
Hi all, as you know, new viruses use SMTP engine techniques to distribute themselves to other machines and email addresses they find when scanning the hard drives and mapped drives. Is there any way to detect the malformed SMTP traffic and the source address of the machine hosting the worm or the SMTP engine, since the worms use different sender accounts not related to the same source machine accounts?
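One way to apply the suggestion in the reply above to firewall connection logs, as an added example that is not part of the original post: report internal hosts that attempt TCP/25 connections without being a designated mail server. The log format, all addresses, and the rule that clients may still talk to the real relay are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the only hosts allowed to originate SMTP (constructed addresses).
MAIL_SERVERS = {ipaddress.ip_address("10.0.1.10"), ipaddress.ip_address("10.0.1.11")}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space

# Constructed log format: "<timestamp> <action> TCP <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^\S+\s+(?P<action>\S+)\s+TCP\s+"
    r"(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample lines, not taken from a real firewall.
SAMPLE_LOG = """\
2006-05-04T19:10:01 ALLOW TCP 10.0.1.10:40211 -> 198.51.100.7:25
2006-05-04T19:10:02 ALLOW TCP 10.0.5.23:1045 -> 198.51.100.7:25
2006-05-04T19:10:02 ALLOW TCP 10.0.5.23:1046 -> 203.0.113.40:25
2006-05-04T19:10:03 ALLOW TCP 10.0.5.23:1047 -> 192.0.2.99:25
2006-05-04T19:10:04 ALLOW TCP 10.0.7.8:3312 -> 203.0.113.80:80
2006-05-04T19:10:05 DENY TCP 10.0.9.4:2201 -> 192.0.2.15:25
2006-05-04T19:10:06 ALLOW TCP 10.0.5.23:1048 -> 10.0.1.10:25
garbled line that does not parse
"""

def find_rogue_smtp(log_text):
    """Map each internal non-mail-server host that attempted SMTP to its
    attempt count and the distinct destinations it contacted."""
    hits = defaultdict(lambda: {"connections": 0, "destinations": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] != "25":
            continue
        try:
            src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        except ValueError:  # matched the pattern but is not a valid address
            continue
        # Mail servers sending mail, and clients submitting to them, are expected.
        if src not in INTERNAL or src in MAIL_SERVERS or dst in MAIL_SERVERS:
            continue
        hits[str(src)]["connections"] += 1  # blocked attempts count as well
        hits[str(src)]["destinations"].add(str(dst))
    return {host: {"connections": v["connections"],
                   "destinations": sorted(v["destinations"])}
            for host, v in hits.items()}

if __name__ == "__main__":
    for host, info in find_rogue_smtp(SAMPLE_LOG).items():
        print(host, info["connections"], info["destinations"])
```

Because the match is on the source IP address rather than the envelope sender, it identifies the originating machine even when the worm forges sender accounts.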