Home page logo
/

snort logo Snort mailing list archives

Re: [Snort-sigs] Could you send me on a signature to capture all emails that are sent to a domain, for example “ () tnt com”
From: Balasubramaniam Natarajan <bala150985 () gmail com>
Date: Sun, 20 Jan 2013 00:07:28 +0530

On Sat, Jan 19, 2013 at 1:30 AM, Aisling Brennan <aislingbrennan21 () gmail com
wrote:




Two points

1. Please don't convey the entire message using the Subject :-O

2.  Try this signature

alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"Mail sent to at tnt dot
com domain"; flow:to_server,established; content:"rcpt to|3a|"; nocase;
content:"|40|tnt|2e|com"; within:800; sid:10000000; rev:1;)

-- 
Regards,
Balasubramaniam Natarajan
www.blog.etutorshop.com
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. SALE $99.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122912
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]