[Snort-devel] [ snort-Bugs-463643 ] policy.rules modification?

noreply at ...12... noreply at ...12...
Sat Sep 22 06:42:02 EDT 2001


Bugs item #463643, was opened at 2001-09-21 11:46
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=463643&group_id=3357

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: policy.rules modification?

Initial Comment:
policy.rules looks for the string 5.7.1 in the first 70 
bytes of any packet originating from port 25, and 
assumes it's an SMTP relay attempt.

So far, I have yet to catch a REAL one, but found 
several emails where by accident they include a 5.7.1 
in the first few bytes of a 'random' packet.

Suggest changing string to '550 5.7.1' to avoid false 
alarms.



----------------------------------------------------------------------
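The trade-off discussed in the report above, as an added example (not code from the original report or from Snort): it emulates a content match limited to the first 70 payload bytes and compares the current string, the suggested string, and a reply-line pattern over a few payloads. The payloads are constructed samples, and the reply-line regex is an assumption that goes beyond what the report proposes.

```python
import re

DEPTH = 70  # the report says the rule inspects the first 70 bytes

# Constructed payloads of packets sent from TCP port 25 (not captured traffic).
# The third field says whether the payload really is a relay-denied reply.
SAMPLES = [
    ("relay denied",
     b"550 5.7.1 Unable to relay for user@example.com\r\n", True),
    ("multiline denial",
     b"550-5.7.1 Relaying denied.\r\n"
     b"550-5.7.1 Contact postmaster@example.com for access.\r\n"
     b"550 5.7.1 End\r\n", True),
    ("other reply code",
     b"554 5.7.1 Relay access denied\r\n", True),
    ("text mentions 5.7.1",
     b"Please upgrade to release 5.7.1 before Friday.\r\n", False),
]


def content_match(payload, needle, depth=DEPTH):
    """Emulate a content match restricted to the first `depth` bytes."""
    return needle in payload[:depth]


# Assumed alternative: a 5xx reply code at the start of a reply line,
# followed by ' ' (final line) or '-' (continuation line), then 5.7.1.
REPLY_LINE = re.compile(rb"(?:^|\r\n)5\d\d[ -]5\.7\.1 ")


def reply_line_match(payload, depth=DEPTH):
    return REPLY_LINE.search(payload[:depth]) is not None


def evaluate(matcher):
    """Return (false_positives, missed) sample names for a matcher."""
    fp = [n for n, p, denial in SAMPLES if matcher(p) and not denial]
    missed = [n for n, p, denial in SAMPLES if not matcher(p) and denial]
    return fp, missed


if __name__ == "__main__":
    print("5.7.1      ", evaluate(lambda p: content_match(p, b"5.7.1")))
    print("550 5.7.1  ", evaluate(lambda p: content_match(p, b"550 5.7.1")))
    print("reply line ", evaluate(reply_line_match))
```

The longer string removes the false alarm on ordinary text, but it no longer fires on denials that use a continuation line or a different 5xx reply code within the inspected bytes.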
