Snort mailing list archives
Re: (no subject)
From: Ralf Hildebrandt <Ralf.Hildebrandt () charite de>
Date: Fri, 26 Apr 2002 01:03:35 +0200
On Wed, Apr 24, 2002 at 04:43:37PM -0400, C Boss wrote:
alert tcp $EXTERNAL_NET any -> $SMTP 25 (msg:"SMTP RCPT TO overflow"; flags:A+; content:"rcpt to|3a|"; dsize:>800; reference:cve,CAN-2001-0260; reference:bugtraq,2283; classtype:attempted-admin; sid:654; rev:1;) is it looking at the data size of the SMTP "content" field or the size of the payload ?
What is a "SMTP content field"? I think you'e mixing SMTP with MIME, aren't you? -- Ralf Hildebrandt (Im Auftrag des Referat V A) Ralf.Hildebrandt () charite de Charite Campus Virchow-Klinikum Tel. +49 (0)30-450 570-155 Referat V A - Kommunikationsnetze - Fax. +49 (0)30-450 570-916 Why you can't find your system administrators: Hiding in another office where he can work without getting interrupted. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: (no subject), (continued)
- Re: (no subject) John Sage (Apr 10)
- (no subject) Federico Rena (Apr 10)
- RE: (no subject) Omolayo Salako (Apr 10)
- (no subject) rakesh (Apr 11)
- (no subject) Ha Hoang (Apr 13)
- (no subject) Chris Eidem (Apr 14)
- Re: (no subject) Erek Adams (Apr 14)
- RE: (no subject) Chris Eidem (Apr 15)
- RE: Syslog Coughs? Erek Adams (Apr 15)
- (no subject) C Boss (Apr 25)
- Re: (no subject) Ralf Hildebrandt (Apr 25)
- (no subject) Zero Dark (May 04)
- Re: (no subject) Matt Kettler (May 04)
- (no subject) Vadim Pushkin (May 07)
- (no subject) Z . Qili (May 07)
- (no subject) John Maestrale (May 20)
- (no subject) John Maestrale (May 29)
- (no subject) Hugo Ferr (May 31)
- Re: (no subject) Rich Adamson (May 31)
- RE: (no subject) John Stroud (May 31)
- RE: (no subject) Wirth, Jeff (May 31)
(Thread continues...)