Home page logo

snort logo Snort mailing list archives

Re: Could you send me on a signature to captur e all emails that are sent to a domain, for example “ @tnt.com”.
From: Aisling Brennan <aislingbrennan21 () gmail com>
Date: Sat, 26 Jan 2013 21:16:51 +0000

Hi there,

This worked fine. 

Can you help with syntax for a rule to detect email attachnents ? 


Sent from my iPhone

On 19 Jan 2013, at 18:37, Balasubramaniam Natarajan <bala150985 () gmail com> wrote:

On Sat, Jan 19, 2013 at 1:30 AM, Aisling Brennan <aislingbrennan21 () gmail com> wrote:

Two points

1. Please don't convey the entire message using the Subject :-O

2.  Try this signature

alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"Mail sent to at tnt dot com domain"; flow:to_server,established; 
content:"rcpt to|3a|"; nocase; content:"|40|tnt|2e|com"; within:800; sid:10000000; rev:1;)

Balasubramaniam Natarajan
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
Snort-sigs mailing list
Snort-sigs () lists sourceforge net

Please visit http://blog.snort.org for the latest news about Snort!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]