[Snort-sigs] snort-rules CURRENT update @ Tue Nov 25 13:15:16 2003

bmc at ...95... bmc at ...95...
Tue Nov 25 10:16:05 EST 2003


This rule update was brought to you by Oinkmaster.

[*] Rule modifications: [*]

  [+++]           Added:           [+++]

     file -> smtp.rules
     alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"SMTP XEXCH50 overflow with evasion attempt"; flow:to_server,established; content:"XEXCH50"; nocase; content:"-0"; distance:1; reference:url,www.microsoft.com/technet/security/bulletin/MS03-046.asp; classtype:attempted-admin; sid:2254; rev:1;)
     alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"SMTP XEXCH50 overflow attempt"; flow:to_server,established; content:"XEXCH50"; nocase; content:"-"; distance:1; byte_test:1,>,0,0,relative,string; reference:url,www.microsoft.com/technet/security/bulletin/MS03-046.asp; classtype:attempted-admin; sid:2253; rev:1;)





More information about the Snort-sigs mailing list