Snort mailing list archives
Re: Could you send me on a signature to capture all emails that are sent to a domain, for example “@tnt.com”.
From: Ned Moran <ned () mysterymachine info>
Date: Sat, 26 Jan 2013 16:38:58 -0500
send an email to yourself in a lab environment. record the pcaps. write and test a rule based on those pcaps. youll learn more doing this yourself. -ned On 1/26/13 4:16 PM, Aisling Brennan wrote:
Hi there, This worked fine. Can you help with syntax for a rule to detect email attachnents ? Tks Sent from my iPhone On 19 Jan 2013, at 18:37, Balasubramaniam Natarajan <bala150985 () gmail com> wrote:On Sat, Jan 19, 2013 at 1:30 AM, Aisling Brennan <aislingbrennan21 () gmail com> wrote: Two points 1. Please don't convey the entire message using the Subject :-O 2. Try this signature alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"Mail sent to at tnt dot com domain"; flow:to_server,established; content:"rcpt to|3a|"; nocase; content:"|40|tnt|2e|com"; within:800; sid:10000000; rev:1;) -- Regards, Balasubramaniam Natarajan www.blog.etutorshop.com------------------------------------------------------------------------------ Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnnow-d2d _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnnow-d2d
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Could you send me on a signature to capture all emails that are sent to a domain, for example “@tnt.com”. Aisling Brennan (Jan 18)
- Re: [Snort-sigs] Could you send me on a signature to capture all emails that are sent to a domain, for example “@tnt.com”. Balasubramaniam Natarajan (Jan 19)
- Re: Could you send me on a signature to capture all emails that are sent to a domain, for example “@tnt.com”. Aisling Brennan (Jan 26)
- Re: Could you send me on a signature to capture all emails that are sent to a domain, for example “@tnt.com”. lists () packetmail net (Jan 26)
- Re: Could you send me on a signature to capture all emails that are sent to a domain, for example “@tnt.com”. Ned Moran (Jan 26)
- Re: Could you send me on a signature to capture all emails that are sent to a domain, for example “@tnt.com”. waldo kitty (Jan 26)
- Re: Could you send me on a signature to capture all emails that are sent to a domain, for example “@tnt.com”. Aisling Brennan (Jan 26)
- Re: [Snort-sigs] Could you send me on a signature to capture all emails that are sent to a domain, for example “@tnt.com”. Balasubramaniam Natarajan (Jan 19)