List: snort-sigs
Subject: [Snort-sigs] sid 567 - SMTP Relaying
From: <shanew () shanew ! net>
Date: 2001-10-02 16:27:34
I decided to turn on just a few of the policy rules, and discovered
that the SMTP Relaying denied rule doesn't work right. So much so, in
fact, that it caught two false positives while missing a number of actual
hits.

While rev 2 made it a tighter rule with the addition of the "550 "
string, the direction of the arrows still seems to be interpreted
wrong by snort. When I flip it to look like:

    $SMTP 25 -> $EXTERNAL_NET any

it works as expected.
--
Public key #7BBC68D9 at | Shane Williams
http://pgp.mit.edu/ |
=----------------------------------+-------------------------------
All syllogisms contain three lines | shanew@shanew.net
Therefore this is not a syllogism | www.gslis.utexas.edu/~shanew
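
Added example, not part of the original message or of the Snort rule set: a minimal Python model of rule-header matching, showing which constructed packets a "550 " content match fires on for each direction of `->`. The addresses, the sample packets and the unflipped header (`$EXTERNAL_NET any -> $SMTP 25`, taken here as the reverse of the form quoted in the message) are assumptions.

```python
# Constructed stand-ins for the Snort variables (assumed lab addresses).
SMTP_SERVERS = {"192.0.2.25"}

def in_var(var, ip):
    """Resolve a rule-header address field against one IP."""
    if var == "$SMTP":
        return ip in SMTP_SERVERS
    if var == "$EXTERNAL_NET":
        return ip not in SMTP_SERVERS
    return var == "any"

def port_ok(spec, port):
    return spec == "any" or int(spec) == port

def matches(header, content, pkt):
    """header is '<src> <sport> -> <dst> <dport>': left of -> is the source."""
    src, sport, arrow, dst, dport = header.split()
    if arrow != "->":
        raise ValueError("only the unidirectional operator is modelled")
    return (in_var(src, pkt["src"]) and port_ok(sport, pkt["sport"])
            and in_var(dst, pkt["dst"]) and port_ok(dport, pkt["dport"])
            and content in pkt["payload"])

# Constructed sample packets (not captured traffic).
PACKETS = [
    {"name": "server-550", "src": "192.0.2.25", "sport": 25,
     "dst": "203.0.113.7", "dport": 40000,
     "payload": "550 5.7.1 Relaying denied\r\n"},
    {"name": "server-250", "src": "192.0.2.25", "sport": 25,
     "dst": "203.0.113.7", "dport": 40000,
     "payload": "250 OK\r\n"},
    {"name": "client-data", "src": "203.0.113.7", "sport": 40000,
     "dst": "192.0.2.25", "dport": 25,
     "payload": "Subject: invoice 550 attached\r\n"},
]

def alerts(header, content="550 "):
    """Names of the sample packets the header plus content match fires on."""
    return [p["name"] for p in PACKETS if matches(header, content, p)]

if __name__ == "__main__":
    for hdr in ("$EXTERNAL_NET any -> $SMTP 25",
                "$SMTP 25 -> $EXTERNAL_NET any"):
        print(f"{hdr:32} {alerts(hdr)}")
```

With the server on the source side, only the server's 550 reply matches; with the client on the source side, the reply is never inspected and the only hit is inbound text that happens to contain "550 ".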