List:       snort-sigs
Subject:    [Snort-sigs] sid 567 - SMTP Relaying
From:       <shanew () shanew ! net>
Date:       2001-10-02 16:27:34

I decided to turn on just a few of the policy rules, and discovered
that the SMTP Relaying denied rule doesn't work right.  So much so,
in fact, that it caught two false positives while missing a number of
actual hits.

While rev 2 made it a tighter rule with the addition of the "550 "
string, the direction of the arrows still seems to be interpreted
wrong by snort.  When I flip it to look like:
$SMTP 25 -> $EXTERNAL_NET any

it works as expected.

-- 
Public key #7BBC68D9 at            |                 Shane Williams
http://pgp.mit.edu/                |
=----------------------------------+-------------------------------
All syllogisms contain three lines |              shanew@shanew.net
Therefore this is not a syllogism  |   www.gslis.utexas.edu/~shanew
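
Added example (not part of the original message and not Snort's own code): a small Python model of the one-way "->" header match, run against constructed packets, showing which side of an SMTP session each header orientation applies the "550 " content check to. The addresses, the mirrored header and the sample payloads are assumptions made for illustration; only the "$SMTP 25 -> $EXTERNAL_NET any" header and the "550 " string come from the message.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses (assumptions): one mail server, everything else external.
SMTP_NET = ipaddress.ip_network("192.0.2.25/32")

@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes

def in_var(var, ip):
    """Resolve the two rule variables used here against an address."""
    inside = ipaddress.ip_address(ip) in SMTP_NET
    return {"$SMTP": inside, "$EXTERNAL_NET": not inside}.get(var, var == "any")

def port_ok(spec, port):
    return spec == "any" or int(spec) == port

def rule_fires(header, content, pkt):
    """True when the packet travels in the header's direction and carries content."""
    src, sport, arrow, dst, dport = header.split()
    if arrow != "->":
        raise ValueError("only the one-way operator is modelled")
    return (in_var(src, pkt.src) and port_ok(sport, pkt.sport)
            and in_var(dst, pkt.dst) and port_ok(dport, pkt.dport)
            and content in pkt.payload)

# Header from the message, and its mirror image (constructed for comparison).
SERVER_TO_CLIENT = "$SMTP 25 -> $EXTERNAL_NET any"
CLIENT_TO_SERVER = "$EXTERNAL_NET any -> $SMTP 25"
CONTENT = b"550 "  # only the string the message mentions; other rule options omitted

# Constructed traffic: a relay refusal from the server, and client mail data
# that merely happens to contain the same bytes.
REFUSAL = Packet("192.0.2.25", 25, "198.51.100.7", 40000, b"550 Relaying denied\r\n")
MAIL_BODY = Packet("198.51.100.7", 40000, "192.0.2.25", 25, b"Please ship 550 units\r\n")

def compare():
    return {(name, label): rule_fires(hdr, CONTENT, pkt)
            for name, hdr in (("server_to_client", SERVER_TO_CLIENT),
                              ("client_to_server", CLIENT_TO_SERVER))
            for label, pkt in (("refusal", REFUSAL), ("mail_body", MAIL_BODY))}

if __name__ == "__main__":
    for key, fired in compare().items():
        print(key, "alert" if fired else "no alert")
```

With the source side set to the server on port 25, only the server's refusal alerts; with the mirrored header the refusal is missed and the client's mail data alerts instead.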