Which may be found at http://www.grotto-group.com/~gulfie/projects... maybe
./snortrules-COMM-2.4/rules/community-smtp.rules Fri Dec 2 01:26:19 2005

| Filename : line | Rules |
|---|---|
| ./snortrules-COMM-2.4/rules/community-smtp.rules : 1 | # Copyright 2005 Sourcefire, Inc. All Rights Reserved. |
| ./snortrules-COMM-2.4/rules/community-smtp.rules : 2 | # These rules are licensed under the GNU General Public License. |
| ./snortrules-COMM-2.4/rules/community-smtp.rules : 3 | # Please see the file LICENSE in this directory for more details. |
| ./snortrules-COMM-2.4/rules/community-smtp.rules : 4 | # $Id: community-smtp.rules,v 1.3 2005/11/16 15:35:30 akirk Exp $ |
| ./snortrules-COMM-2.4/rules/community-smtp.rules : 5 | |
| ./snortrules-COMM-2.4/rules/community-smtp.rules : 6 | alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"COMMUNITY SMTP Hydra Activity Detected"; flow:to_server,established; content:"hydra"; nocase; pcre:"/^(EH|HE)LO\s+hydra\x0D\x0A/smi"; reference:url,www.thc.org/releases.php; classtype:misc-attack; sid:100000167; rev:1;) |
| ./snortrules-COMM-2.4/rules/community-smtp.rules : 7 | #Rule submitted by rmkml |
| ./snortrules-COMM-2.4/rules/community-smtp.rules : 8 | alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"COMMUNITY SMTP Gnu Mailman utf8 attachement access"; flow:to_server,established; content:"Content-Disposition|3A 20|attachement"; nocase; content:"filename|2A 3D|utf|2D|8"; nocase; content:"Content-Transfer-Encoding|3A 20|base64"; nocase; reference:bugtraq,15408; reference:cve,2005-3573; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=20819; classtype:attempted-dos; sid:100000191; rev:1;) |