Snort mailing list archives
All MIME emails should be rejected
From: "Marc Quibell" <mquibell () fbfs com>
Date: Mon, 18 Aug 2003 11:49:37 -0500
This email is akin to spamming a list. Is there a list admin around here who can apply filters, and filter out MIME emails? I cannot spend a lot of time reading these to begin with, it would be helpful to have them filtered so we can all read, faster. Last option is to leave the list, and I just don't want to do that. It's no use trying to tell ppl to send text-only... I would like to think some know better. Others are just ignorant.

Marc

"Fat message follows:"

--__--__--

Message: 2
From: "larosa, vjay" <larosa_vjay () emc com>
To: "'snort-users () lists sourceforge net'" <snort-users () lists sourceforge net>
Date: Sat, 16 Aug 2003 00:49:24 -0400
Subject: [Snort-users] MSBLASTER DOS a fizzle shanizzle!

This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible.

------_=_NextPart_001_01C363B1.C3F8F5A0
Content-Type: text/plain

FYI,

If you do an nslookup of windowsupdate.com, you will see that M$ pulled the IP today (also sent an advisory out). I did some testing in the lab and the DOS will not trigger because the infected box can not resolve windowsupdate.com (not www.windowsupdate.com or windowsupdate.microsoft.com, just plain old windowsupdate.com).

H:\>nslookup
Default Server: mice.emc.com
Address: 10.10.10.10

windowsupdate.com
Server: mice.emc.com
Address: 10.10.10.10

Name: windowsupdate.com

See nothing, but just wait until the next version when the DOS target is all of the M$ sites. Okay, now everyone back to patching!!!

vjl

V.Jay LaRosa                 EMC Corporation
Information Security         4400 Computer Dr.
(508)898-7433 Office         Westboro, MA 01580
(508)962-1482 Cell           www.emc.com <http://www.emc.com>
888-799-9750 Pager           vjl () emc com

------_=_NextPart_001_01C363B1.C3F8F5A0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" =

<SNIP 320 lines of html message crap>