Snort mailing list archives
Re: SMTP Backscatter
From: Jeff Kell <jeff-kell () utc edu>
Date: Sun, 16 Feb 2014 10:40:17 -0500
On 2/16/2014 10:25 AM, waldo kitty wrote:
> On 2/16/2014 9:54 AM, Dave Corsello wrote:
>> Guys, thanks, but I don't need advice on setting up SMTP--at least not in this situation. Just looking for an answer to the following:
>>
>> Can Snort somehow: 1) detect an outgoing 450 4.1.1 error;
>
> yes, it can easily do this...
>
>> and in response, 2) block all incoming SMTP traffic from the sender IP for a period of time?
>
> i'm not aware of this ever having been done...
It may have been possible with certain incantations of Snortsam, which could block *specific* traffic for certain output plugin modules.

Current Snortsam functionality, with plugin support in barnyard2 (no more snort source patching) can be used to block the source IP (unilaterally). So you would block the attacking IP across the board of protocols/destinations.

We do this on our inbound SMTP (to detect spamming / farming) as well as outbound (compromised hosts used to send spam).

Jeff
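The two steps asked about in this thread (alert on an outgoing 450 4.1.1 reply, then block the remote sender for a period of time) can be modelled offline as below. This is an added example, not code from the thread, Snort or Snortsam; the rule SID, the block duration, the year and the sample alert lines in Snort's fast-alert text format are all assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumptions (not from the thread): the local rule SID, the block duration,
# and the year (fast-alert timestamps omit the year by default).
BACKSCATTER_SID = 1000001
BLOCK_FOR = timedelta(minutes=10)
YEAR = 2014

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]"
    r".*\{TCP\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Constructed sample alerts using documentation address ranges.
SAMPLE_ALERTS = [
    "02/16-10:40:17.000001  [**] [1:1000001:1] SMTP outbound 450 4.1.1 [**] [Priority: 3] {TCP} 192.0.2.10:25 -> 203.0.113.45:51234",
    "02/16-10:41:00.000000  [**] [1:1000002:1] Unrelated local rule [**] [Priority: 3] {TCP} 198.51.100.7:40000 -> 192.0.2.10:25",
    "02/16-10:45:00.000000  [**] [1:1000001:1] SMTP outbound 450 4.1.1 [**] [Priority: 3] {TCP} 192.0.2.10:25 -> 203.0.113.45:51300",
]

def blocks_from_alerts(lines):
    """Return {remote_ip: block_expiry} for alerts raised by the 450 4.1.1 rule."""
    blocks = {}
    for line in lines:
        m = ALERT_RE.match(line)
        if not m or int(m["sid"]) != BACKSCATTER_SID:
            continue
        # The 450 reply travels from the mail server's port 25 to the client,
        # so the remote sender is the packet's destination, not its source.
        if m["sport"] != "25":
            continue
        seen = datetime.strptime(f"{YEAR}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
        expiry = seen + BLOCK_FOR
        # A repeat alert for the same sender extends the block.
        if expiry > blocks.get(m["dst"], datetime.min):
            blocks[m["dst"]] = expiry
    return blocks

def is_blocked(blocks, ip, now):
    """True while the timed block for ip has not yet expired."""
    expiry = blocks.get(ip)
    return expiry is not None and now < expiry

if __name__ == "__main__":
    for ip, expiry in blocks_from_alerts(SAMPLE_ALERTS).items():
        print(f"block {ip} until {expiry}")
```

As in the unilateral source-IP block described above, the resulting entry is keyed on the address alone, so enforcing it would drop that host for every protocol and destination, not just SMTP.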
Current thread:
- SMTP Backscatter Dave Corsello (Feb 14)
- Re: SMTP Backscatter Jason Haar (Feb 15)
- Re: SMTP Backscatter waldo kitty (Feb 15)
- Re: SMTP Backscatter Dave Corsello (Feb 16)
- Re: SMTP Backscatter waldo kitty (Feb 16)
- Re: SMTP Backscatter Jeff Kell (Feb 16)
- Re: SMTP Backscatter waldo kitty (Feb 16)
- Message not available
- Message not available
- Re: SMTP Backscatter Dave Corsello (Feb 18)
- Re: SMTP Backscatter waldo kitty (Feb 18)
- Re: SMTP Backscatter waldo kitty (Feb 15)
- Re: SMTP Backscatter Jason Haar (Feb 15)