Snort mailing list archives
Question on 663
From: Jack Pepper <pepperjack () afferentsecurity com>
Date: Thu, 09 Apr 2009 10:13:38 -0500
This rule looks for "RCPT TO: ;" The reference to cve,1999-0095 regards sendmail having the "debug" command enabled. Ditto for the bugtraq,1 reference. And arachnids has been dead for at least 5 years. Anybody know why this rule exists? What is the exploitation of RCPT TO ? jp -- Framework? I don't need no stinking framework! ---------------------------------------------------------------- @fferent Security Labs: Isolate/Insulate/Innovate http://www.afferentsecurity.com ------------------------------------------------------------------------------ This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Question on 663 Jack Pepper (Apr 09)
- Re: Question on 663 rmkml (Apr 09)
- Re: Question on 663 Jack Pepper (Apr 09)
- Re: Question on 663 rmkml (Apr 09)
- Re: Question on 663 Jack Pepper (Apr 09)
- Re: Question on 663 - solved Jack Pepper (Apr 09)
- Re: Question on 663 - solved Nigel Houghton (Apr 09)
- Re: Question on 663 Jack Pepper (Apr 09)
- Re: Question on 663 Jack Pepper (Apr 09)
- Re: Question on 663 rmkml (Apr 09)