[Snort-users] Count option WAS smtp rcpt to overflow

Andy McLeod andy.mcleod at ...6107...
Mon Jun 17 20:10:07 EDT 2002


Greg

Try adding sec to snort for this capability.

http://www.estpak.ee/~risto/sec/

rgds/andy


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Greg Wright
Sent: 12 June 2002 01:27
To: Snort-users at lists.sourceforge.net
Subject: [Snort-users] Count option WAS smtp rcpt to overflow



I have been trying to use Snort to help us deal with a 'Joe Job' style
spam attack. (A domain we host was used as the From address for a spam
run that has meant that we are receiving all the undeliverables -- all 1
million+ and counting - over 6Gb easily)


One of the things that would be really great was if snort could deal
with a rule if it was seen 'x' number of times within a certain
timeframe. Kinda like the portscan stuff I guess.

Just an idea while I was playing with Snort a few nights ago.

Cheers,
Greg

-----Original Message-----
From: Edwin Eefting [mailto:edwin at ...2758...] 
Sent: Thursday, 6 June 2002 1:32 AM
To: Hugo Ferr; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] smtp rcpt to overflow

On Wed, 5 Jun 2002 10:44:42 -0400 Hugo Ferr <snortgrp at ...125...>
wrote:

> 'SMTP RCPT TO' overflow is buffer overflow for Lotus Sevrers. I have
7444

<snip> (maybe there should be added some "count option" for such
exploits
to these rules.)



_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -
http://devcon.sprintpcs.com/adp/index.cfm?source=dntextlink

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 3012 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020617/95cb31c1/attachment.bin>


More information about the Snort-users mailing list