[Snort-sigs] Using snort to stop SMTP dictionary attacks
snortadmin at ...1556...
Wed Jun 4 15:26:04 EDT 2003
I'm fairly new to this list so I apologize if I do something newbieish.
I've searched dejanews already and have found nothing, so I am here.
I would like to know if there is a way to use snort to detect SMTP
address harvesting attempts, and alert on them, and also do TCP resets
of the SMTP session when it detects a harvesting attempt.
I think something like this would be VERY valuable to have.
I'm using Snort 2.0 with MySQL, in conjunction with Demarc PureSecure.
Thanks in advance!
More information about the Snort-sigs