[Snort-sigs] Duplicate reference for sig 2260

Sean Wheeler s.wheeler at ...944...
Sat Apr 3 01:30:05 EST 2004


alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"SMTP VRFY overflow
attempt"; flow:to_server,established; content:"VRFY"; nocase;
pcre:"/^VRFY[^\n]{255,}/smi"; classtype:attempted-admin;
reference:cve,CAN-2003-0161; reference:bugtraq,7230;
reference:cve,CAN-2003-0161; reference:bugtraq,6991;
reference:cve,CAN-2002-1337; sid:2260; rev:1;)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^


regards

Sean



#SID:2260
#ORIGIN BASE:   alert   tcp     external_net    any     ->      smtp_servers
25
#STAND GROUP:   alert   tcp     any             any     ->      home_net
25
#ALLOC GROUP:   alert   tcp     any             any     ->      $tcp_25
25
#ORIG SIG:      alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"SMTP
VRFY overflow attempt"; flow:to_server,established; content:"VRFY"; nocase;
pcre:"/^VRFY[^\n]{255,}/smi"; classtype:attem
pted-admin; reference:cve,CAN-2003-0161; reference:bugtraq,7230;
reference:cve,CAN-2003-0161; reference:bugtraq,6991;
reference:cve,CAN-2002-1337; sid:2260; rev:1;)
#ORIG SIG clean:322
#alerttcp$external_netany->$smtp_servers25(msg:"smtpvrfyoverflowattempt";flo
w:to_server,established;content:"vrfy";nocase;pcre:"/^vrfy[^\n]{255,}/smi";c
lasstype:attempted-admin;reference:cve,can-2
003-0161;reference:bugtraq,7230;reference:cve,can-2003-0161;reference:bugtra
q,6991;reference:cve,can-2002-1337;sid:2260;rev:1;)
#RECON COMPARE:294
#alerttcp$external_netany->$smtp_servers25(msg:"smtpvrfyoverflowattempt";cla
sstype:attempted-admin;sid:2260;rev:1;reference:bugtraq,6991;reference:bugtr
aq,7230;reference:cve,can-2002-1337;referenc
e:cve,can-2003-0161;content:"vrfy";nocase;pcre:"/^vrfy[^\n]{255,}/smi";flow:
to_server,established;)
INTEGRITY FAILURE:      alert tcp any any -> $tcp_25 25 (msg:"SMTP VRFY
overflow attempt"; classtype:attempted-admin; sid:2260; rev:1;
reference:bugtraq,6991; reference:bugtraq,7230; reference:cve
,CAN-2002-1337; reference:cve,CAN-2003-0161; content:"VRFY"; nocase;
pcre:"/^VRFY[^\n]{255,}/smi"; flow:to_server,established;)





More information about the Snort-sigs mailing list