Re: [Snort-sigs] Not looking in Email

From: security people <securitypeople(at)hotmail.com>
Date: Thu May 22 2003 - 07:54:43 EDT

Yes that is correct. Sorry I forgot to put the ! sign in my previous posting.

• Original Message ----- From: "Dale L. Handy" <dhandy@nitrodata.com> To: <snort-sigs@lists.sourceforge.net> Cc: "Esler, Joel Contractor" <EslerJ@RCERT-S.ARMY.MIL> Sent: Wednesday, May 21, 2003 11:45 PM Subject: Re: [Snort-sigs] Not looking in Email

> Actually, what you want is:
content:"/etc/passwd"; sid:1000004;)
>
> or:
>
> alert tcp any any <> $HOME_NET !25 (msg:"ETCPASSWD"; flags:A+; content:
IMAP...
>
>
> security people wrote:
content:
> >"/etc/passwd"; sid:1000004;)
SMTP
> >>servers in snort.conf and then write like
> >>
> >>alert tcp any any -> $HOME_NET !$SMTP_SERVERS any ....
> >>
> >>or something like that?
> >>
> >>Joel Esler
> >>
> >>
> >>-------------------------------------------------------
(cell)
>
>
>
>
> -------------------------------------------------------

---

This SF.net email is sponsored by: ObjectStore. If flattening out C++ or Java code to make your application fit in a relational database is painful, don't do it! Check out ObjectStore. Now part of Progress Software. http://www.objectstore.net/sourceforge

---

Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs Received on Thu May 22 08:37:17 2003