[Snort-users] Question on 663

Jack Pepper pepperjack at ...14319...
Thu Apr 9 11:13:38 EDT 2009

This rule looks for "RCPT TO: ;"

The reference to cve,1999-0095 regards sendmail having the "debug"  
command enabled. Ditto for the bugtraq,1 reference.  And arachnids has  
been dead for at least 5 years.

Anybody know why this rule exists?  What is the exploitation of RCPT TO ?



Framework?  I don't need no stinking framework!

@fferent Security Labs:  Isolate/Insulate/Innovate  

More information about the Snort-users mailing list