[Snort-sigs] Using snort to stop SMTP dictionary attacks

Steve Cody snortadmin at ...1556...
Wed Jun 4 15:26:04 EDT 2003


Hey guys,

I'm fairly new to this list so I apologize if I do something newbieish.

I've searched dejanews already and have found nothing, so I am here.

I would like to know if there is a way to use snort to detect SMTP
address harvesting attempts, and alert on them, and also do TCP resets
of the SMTP session when it detects a harvesting attempt.

I think something like this would be VERY valuable to have.

I'm using Snort 2.0 with MySQL, in conjunction with Demarc PureSecure.

Thanks in advance!
Steve Cody





More information about the Snort-sigs mailing list