[Snort-sigs] Rule for detecting MS Exchange SMTP AUTH LOGON brute force attemp ts.

Grejda, Eric EGrejda at ...2028...
Thu Nov 13 10:44:06 EST 2003


alert tcp $HOME_NET 25 -> $EXTERNAL_NET any (msg:"MS Exchange SMTP AUTH
LOGON brute force attempt"; content:"Authentication unsuccessful";
offset:54; nocase; rev:2; classtype:successful-user; threshold:type
threshold, track by_dst, count 5, seconds 60; sid:1000500;)

--
Eric Grejda




More information about the Snort-sigs mailing list