[Snort-users] Multiple Content (not working?)

skill 's skill2die4 at ...131...
Wed May 15 07:28:02 EDT 2002


> pass tcp $SMTPX any -> $MYSMTP 25
(content:"that at ...1266...";nocase;content:"my at ...1266...";nocase;)
> alert tcp $SMTPX any -> $MYSMTP
25(content:"that at ...1266...";nocase;resp:rst_all;)


I am novice to RULE-WRITING of snort ... so i might be
WRONG .. however , how can u define $SMTPX ??

should'nt your rule be:  

alert tcp any any -> $MY-SMTP 25 (content:"pig at ...5878...";nocase;)

__________________________________________________
Do You Yahoo!?
LAUNCH - Your Yahoo! Music Experience
http://launch.yahoo.com




More information about the Snort-users mailing list