[prev in list] [next in list] [prev in thread] [next in thread]
List: snort-sigs
Subject: [Snort-sigs] snort-rules CURRENT update @ Tue Nov 25 13:15:16 2003
From: bmc () snort ! org
Date: 2003-11-25 18:15:16
[Download RAW message or body]
This rule update was brought to you by Oinkmaster.
[*] Rule modifications: [*]
[+++] Added: [+++]
file -> smtp.rules
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"SMTP XEXCH50 overflow with \
evasion attempt"; flow:to_server,established; content:"XEXCH50"; nocase; \
content:"-0"; distance:1; \
reference:url,www.microsoft.com/technet/security/bulletin/MS03-046.asp; \
classtype:attempted-admin; sid:2254; rev:1;) alert tcp $EXTERNAL_NET any -> \
$SMTP_SERVERS 25 (msg:"SMTP XEXCH50 overflow attempt"; flow:to_server,established; \
content:"XEXCH50"; nocase; content:"-"; distance:1; \
byte_test:1,>,0,0,relative,string; \
reference:url,www.microsoft.com/technet/security/bulletin/MS03-046.asp; \
classtype:attempted-admin; sid:2253; rev:1;)
-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it
help you create better code? SHARE THE LOVE, and help us help
YOU! Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic