[Snort-sigs] (no subject)

Hugo van der Kooij hvdkooij at ...481...
Sun Mar 31 01:28:02 EST 2002


# This is a template for submitting snort signature descriptions to
# the snort.org website
#
# Ensure that your descriptions are your own
# and not the work of others.  References in the rules themselves
# should be used for linking to other's work. 
#
# If you are unsure of some part of a rule, use that as a commentary
# and someone else perhaps will be able to fix it.
# 
# $Id$
#
# 

Rule:  
alert tcp $EXTERNAL_NET any -> $SMTP 25 (msg:"SMTP RCPT TO overflow"; flags:A+; flow:to_server; content:"rcpt to|3a|"; dsize:>800; reference:cve,CAN-2001-0260; reference:bugtraq,2283; classtype:attempted-admin; sid:654; rev:2;)

--
Sid:
654

--
Summary:

--
Impact:

--
Detailed Information:

--
Attack Scenarios:

--
Ease of Attack:

--
False Positives:
These will occur rather frequently with the given rule.
They are most common when subscribed to mailinglists.

--
False Negatives:

--
Corrective Action:

--
Contributors:

-- 
Additional References:

-- 
All email send to me is bound to the rules described on my homepage.
    hvdkooij at ...481...		http://hvdkooij.xs4all.nl/
	    Don't meddle in the affairs of sysadmins,
	    for they are subtle and quick to anger.





More information about the Snort-sigs mailing list