'[Snort-sigs] snort-rules CURRENT update @ Tue Nov 25 13:15:16 2003'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snort-sigs
Subject:    [Snort-sigs] snort-rules CURRENT update @ Tue Nov 25 13:15:16 2003
From:       bmc () snort ! org
Date:       2003-11-25 18:15:16
[Download RAW message or body]


This rule update was brought to you by Oinkmaster.

[*] Rule modifications: [*]

  [+++]           Added:           [+++]

     file -> smtp.rules
     alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"SMTP XEXCH50 overflow with \
evasion attempt"; flow:to_server,established; content:"XEXCH50"; nocase; \
content:"-0"; distance:1; \
reference:url,www.microsoft.com/technet/security/bulletin/MS03-046.asp; \
classtype:attempted-admin; sid:2254; rev:1;)  alert tcp $EXTERNAL_NET any -> \
$SMTP_SERVERS 25 (msg:"SMTP XEXCH50 overflow attempt"; flow:to_server,established; \
content:"XEXCH50"; nocase; content:"-"; distance:1; \
byte_test:1,>,0,0,relative,string; \
reference:url,www.microsoft.com/technet/security/bulletin/MS03-046.asp; \
classtype:attempted-admin; sid:2253; rev:1;)



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic