[Snort-users] new to snort
Alex Butcher, ISC/ISYS
Alex.Butcher at ...11254...
Tue Feb 8 01:51:20 EST 2005
--On 07 February 2005 16:27 +0100 Jürgen Schinker
<ba1020 at ...11989...> wrote:
> can somebody write me a rule to detect simple mail Traffic from HOME_NET
> -> EXTERNAL_NET?
Assuming you just mean SMTP by 'simple mail traffic':
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"SMTP detected";
should do the job.
Remove 'flow:established' if you want to detect SMTP scans as well as
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
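Added example, not part of the original message or the Snort project's rule set: the rule above is cut off in this archive copy, so here is one complete way to write the two behaviours the reply describes, in Snort 2.x rule syntax. The msg strings, the sid values (taken from the local range starting at 1000000), the in-rule threshold and the use of flags:S for the scan case are assumptions; flow:established only works with Snort's stream preprocessor enabled.

```snort
# Added example: constructed msg text and sids, not the rule from the original post.

# 1) Established sessions only. flow:established matches once the TCP handshake
#    to port 25 has completed, so bare SYN probes do not alert. The rule would
#    otherwise fire on every client packet in the session, so the threshold
#    limits it to one alert per source host per 60 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"LOCAL outbound SMTP session"; flow:to_server,established; threshold:type limit, track by_src, count 1, seconds 60; sid:1000001; rev:1;)

# 2) Connection attempts, answered or not. With no flow option the rule also
#    sees handshake packets that never become a session (for example an
#    internal host sweeping external addresses on port 25). flags:S restricts
#    it to the initial SYN, giving one alert per attempt instead of one per packet.
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"LOCAL outbound SMTP connection attempt"; flags:S; sid:1000002; rev:1;)
```

If the internal mail relay is inside HOME_NET, define the source as HOME_NET minus that relay's address, otherwise its legitimate deliveries will dominate the alerts.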