[Snort-sigs] new rule to detect GNU Mailutils imap4d SEARCH format string via hex attempt

rmkml rmkml at ...324...
Tue Dec 13 03:43:08 EST 2005


Please check and maybe add this new rule:

imap.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP GNU Mailutils imap4d hex attempt"; flow:established,to_server; content:"SEARCH TOPIC %"; reference:cve,2005-2878; reference:bugtraq,14794; reference:nessus,19605; reference:osvdb,19306; classtype:misc-attack; )

This rule IS NOT TESTED.

Improvements/comments are welcome.
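
Since the post says the rule is untested, the following is an added example (not part of the original post and not Snort's own code) that emulates only the rule's `content` option, plus `nocase`, against constructed IMAP lines. `RULE_NOCASE`, the sample lines and all function names are assumptions made for this sketch; the variant is compared because IMAP command names are case-insensitive.

```python
import re

# Rule as posted, minus the "imap.rules:" file prefix.
RULE = ('alert tcp $EXTERNAL_NET any -> $HOME_NET 143 '
        '(msg:"IMAP GNU Mailutils imap4d hex attempt"; flow:established,to_server; '
        'content:"SEARCH TOPIC %"; reference:cve,2005-2878; reference:bugtraq,14794; '
        'reference:nessus,19605; reference:osvdb,19306; classtype:misc-attack; )')
# Variant built here for comparison (not from the post): same rule plus nocase.
RULE_NOCASE = RULE.replace('TOPIC %";', 'TOPIC %"; nocase;')

OPTION = re.compile(r'\s*([a-z_]+)\s*(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?\s*;')

def parse_options(rule):
    """Split the parenthesised option block into (name, value-or-None) pairs."""
    body = rule[rule.index("(") + 1:rule.rindex(")")]
    return [(m.group(1), m.group(2)) for m in OPTION.finditer(body)]

def decode_content(value):
    """Convert a quoted Snort content string, including |hex| runs, to bytes."""
    out = bytearray()
    for i, part in enumerate(value[1:-1].split("|")):
        if i % 2:   # odd segments sit between pipes: hex bytes
            out += bytes.fromhex(part)
        else:       # literal text; drop backslash escapes
            out += re.sub(r"\\(.)", r"\1", part).encode("latin-1")
    return bytes(out)

def rule_matches(rule, payload):
    """Emulate content/nocase only; header, flow and other options are ignored."""
    contents = []
    for name, value in parse_options(rule):
        if name == "content":
            contents.append([decode_content(value), False])
        elif name == "nocase" and contents:
            contents[-1][1] = True   # nocase modifies the preceding content
    return bool(contents) and all(
        (pat.lower() in payload.lower()) if nocase else (pat in payload)
        for pat, nocase in contents)

# Constructed IMAP client lines (not captured traffic).
SAMPLES = {
    "upper": b"a001 SEARCH TOPIC %x\r\n",
    "lower": b"a002 search topic %x\r\n",
    "benign": b'a003 SEARCH SUBJECT "100% done"\r\n',
}

def evaluate(rule):
    """Return {sample name: matched?} for one rule."""
    return {name: rule_matches(rule, data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for label, rule in (("posted", RULE), ("nocase variant", RULE_NOCASE)):
        print(label, evaluate(rule))
```
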

