Snort mailing list archives
RE: Count option WAS smtp rcpt to overflow
From: "Andy McLeod" <andy.mcleod () alivero com>
Date: Fri, 14 Jun 2002 09:02:42 +0100
Greg Try adding sec to snort for this capability. http://www.estpak.ee/~risto/sec/ rgds/andy -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Greg Wright Sent: 12 June 2002 01:27 To: Snort-users () lists sourceforge net Subject: [Snort-users] Count option WAS smtp rcpt to overflow I have been trying to use Snort to help us deal with a 'Joe Job' style spam attack. (A domain we host was used as the From address for a spam run that has meant that we are receiving all the undeliverables -- all 1 million+ and counting - over 6Gb easily) One of the things that would be really great was if snort could deal with a rule if it was seen 'x' number of times within a certain timeframe. Kinda like the portscan stuff I guess. Just an idea while I was playing with Snort a few nights ago. Cheers, Greg -----Original Message----- From: Edwin Eefting [mailto:edwin () bit nl] Sent: Thursday, 6 June 2002 1:32 AM To: Hugo Ferr; snort-users () lists sourceforge net Subject: Re: [Snort-users] smtp rcpt to overflow On Wed, 5 Jun 2002 10:44:42 -0400 Hugo Ferr <snortgrp () hotmail com> wrote:
'SMTP RCPT TO' overflow is buffer overflow for Lotus Sevrers. I have
7444 <snip> (maybe there should be added some "count option" for such exploits to these rules.) _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm?source=dntextlink _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users
<<attachment: winmail.dat>>
Current thread:
- Count option WAS smtp rcpt to overflow Greg Wright (Jun 13)
- RE: Count option WAS smtp rcpt to overflow Andy McLeod (Jun 17)