|
Snort
mailing list archives
Re: Could you send me on a signature to captur e all emails that are sent to a domain, for example “ @tnt.com”.
From: Aisling Brennan <aislingbrennan21 () gmail com>
Date: Sat, 26 Jan 2013 21:16:51 +0000
Hi there,
This worked fine.
Can you help with syntax for a rule to detect email attachnents ?
Tks
Sent from my iPhone
On 19 Jan 2013, at 18:37, Balasubramaniam Natarajan <bala150985 () gmail com> wrote:
On Sat, Jan 19, 2013 at 1:30 AM, Aisling Brennan <aislingbrennan21 () gmail com> wrote:
Two points
1. Please don't convey the entire message using the Subject :-O
2. Try this signature
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"Mail sent to at tnt dot com domain"; flow:to_server,established;
content:"rcpt to|3a|"; nocase; content:"|40|tnt|2e|com"; within:800; sid:10000000; rev:1;)
--
Regards,
Balasubramaniam Natarajan
www.blog.etutorshop.com
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d _______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
Please visit http://blog.snort.org for the latest news about Snort!
 By Date 
By Thread
Current thread:
|
