[Snort-sigs] (no subject)
Hugo van der Kooij
hvdkooij at ...481...
Sun Mar 31 01:28:02 EST 2002
# This is a template for submitting snort signature descriptions to
# the snort.org website
# Ensure that your descriptions are your own
# and not the work of others. References in the rules themselves
# should be used for linking to others' work.
# If you are unsure of some part of a rule, use that as a commentary
# and someone else perhaps will be able to fix it.
alert tcp $EXTERNAL_NET any -> $SMTP 25 (msg:"SMTP RCPT TO overflow"; flags:A+; flow:to_server; content:"rcpt to|3a|"; dsize:>800; reference:cve,CAN-2001-0260; reference:bugtraq,2283; classtype:attempted-admin; sid:654; rev:2;)
Ease of Attack:
These will occur rather frequently with the given rule.
They are most common when subscribed to mailing lists.
All email sent to me is bound to the rules described on my homepage.
hvdkooij at ...481... http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
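
Added example, not part of the original post or of Snort: the two payload tests of sid:654 as written above, run over constructed SMTP segments, next to a hypothetical per-line length check. The sample payloads, the function names and the reuse of 800 as a per-line limit are assumptions; the flags and flow options are not modelled.

```python
import re

def sid654_payload_match(payload: bytes) -> bool:
    """Payload tests of sid:654 as written: content:"rcpt to|3a|" (no nocase,
    so case-sensitive, anywhere in the payload) and dsize:>800 (whole payload)."""
    return b"rcpt to:" in payload and len(payload) > 800

# Hypothetical per-command check (an assumption, not a Snort option):
# measure the argument of each RCPT TO line instead of the packet size.
RCPT_LINE = re.compile(rb"^rcpt to:([^\r\n]*)", re.IGNORECASE | re.MULTILINE)

def longest_rcpt_argument(payload: bytes) -> int:
    """Length of the longest RCPT TO argument in the payload, 0 if none."""
    return max((len(m.group(1)) for m in RCPT_LINE.finditer(payload)), default=0)

def oversized_rcpt(payload: bytes, limit: int = 800) -> bool:
    # 800 is borrowed from the rule's dsize value; as a per-line limit
    # it is an assumption made for this example.
    return longest_rcpt_argument(payload) > limit

# Constructed sample payloads (not captured traffic).
# 30 short pipelined recipients in one segment: 930 bytes in total.
PIPELINED = b"".join(b"rcpt to:<user%03d@example.org>\r\n" % i for i in range(30))
# A message body that merely mentions the command text.
QUOTED_BODY = (b"Subject: rule question\r\n\r\n"
               + b"The rule looks for rcpt to: in the payload.\r\n" * 20)
# One recipient command with a very long argument.
LONG_ARG = b"rcpt to:<" + b"A" * 900 + b"@example.org>\r\n"
# An ordinary single recipient command.
TYPICAL = b"RCPT TO:<someone@example.org>\r\n"

if __name__ == "__main__":
    samples = [("pipelined", PIPELINED), ("quoted body", QUOTED_BODY),
               ("long argument", LONG_ARG), ("typical", TYPICAL)]
    for name, data in samples:
        print(f"{name:14} size={len(data):4} "
              f"sid654={sid654_payload_match(data)!s:5} "
              f"longest_arg={longest_rcpt_argument(data):4} "
              f"oversized={oversized_rcpt(data)}")
```

The pipelined and quoted-body samples satisfy both payload tests of the rule although no single RCPT TO argument in them is long; only the third sample carries an oversized argument.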