Hosting Provided By

Re: [Snort-sigs] Not looking in Email

From: security people <securitypeople(at)hotmail.com>
Date: Wed May 21 2003 - 23:30:59 EDT

alert tcp any any <> $SMTP_SERVERS 25 (msg:"ETCPASSWD"; flags:A+; content: "/etc/passwd"; sid:1000004;)

Note the bidirectional sign <>

Original Message ----- From: "Esler, Joel Contractor" <EslerJ@RCERT-S.ARMY.MIL> To: <snort-sigs@lists.sourceforge.net> Sent: Wednesday, May 21, 2003 10:16 PM Subject: [Snort-sigs] Not looking in Email

> I know it has to be possible, to write a rule that will look for
however,
> is there a way I can make it NOT look in email? like if I define my SMTP

This SF.net email is sponsored by: ObjectStore. If flattening out C++ or Java code to make your application fit in a relational database is painful, don't do it! Check out ObjectStore. Now part of Progress Software. http://www.objectstore.net/sourceforge

Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs Received on Thu May 22 00:13:50 2003

This message: [ Message body ]
Next message: Dale L. Handy: "Re: [Snort-sigs] Not looking in Email"
In reply to: Esler, Joel Contractor: "[Snort-sigs] Not looking in Email"
In reply to Esler, Joel Contractor: "RE: [Snort-sigs] Not looking in Email"
Next in thread: Dale L. Handy: "Re: [Snort-sigs] Not looking in Email"
Reply: Dale L. Handy: "Re: [Snort-sigs] Not looking in Email"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:29 EDT