Snort mailing list archives

All MIME emails should be rejected

From: "Marc Quibell" <mquibell () fbfs com>
Date: Mon, 18 Aug 2003 11:49:37 -0500




This email is akin to spamming a list. Is there a list admin around here who can
apply filters, and filter out MIME emails? I cannot spend a lot of time reading
these to begin with, it would be helpful to have them filtered so we can all
read, faster. Last option is to leave the list, and I just don't want to do
that.

It's no use trying to tell ppl to send text-only..I would like to think some
know better. Others are just ignorant.

Marc

"Fat message follows:"
--__--__--

Message: 2
From: "larosa, vjay" <larosa_vjay () emc com>
To: "'snort-users () lists sourceforge net'"
      <snort-users () lists sourceforge net>
Date: Sat, 16 Aug 2003 00:49:24 -0400
Subject: [Snort-users] MSBLASTER DOS a fizzle shanizzle!

This message is in MIME format.
Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C363B1.C3F8F5A0
Content-Type: text/plain

FYI,

If you do an nslookup of windowsupdate.com, you will see that M$ pulled the
IP today (also sent an advisory out). I did some testing in the lab and the
DOS will not trigger because the infected box can not resolve
windowsupdate.com (not www.windowsupdate.com or windowsupdate.microsoft.com,
just plain old windowsupdate.com).

H:\>nslookup
Default Server:  mice.emc.com
Address:  10.10.10.10

windowsupdate.com

Server:  mice.emc.com
Address:  10.10.10.10

Name:    windowsupdate.com


See nothing, but just wait until the next version when the DOS target is all
of the M$ sites. Okay, now everyone back to patching!!!

vjl


V.Jay LaRosa                  EMC Corporation
Information Security         4400 Computer Dr.
(508)898-7433 Office       Westboro, MA 01580
(508)962-1482 Cell           www.emc.com <http://www.emc.com>
888-799-9750 Pager         vjl () emc com


------_=_NextPart_001_01C363B1.C3F8F5A0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" =

<SNIP 320 lines of html message crap>




-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

All MIME emails should be rejected Marc Quibell (Aug 18)
- Re: All MIME emails should be rejected Matt Kettler (Aug 18)
- <Possible follow-ups>
- RE: All MIME emails should be rejected SRH-Lists (Aug 18)