Snort mailing list archives

Content Inspection not working


From: Atul Shrivastava <atul_iet () yahoo com>
Date: Wed, 13 Nov 2002 01:29:41 -0800 (PST)

Hi All,

I have a problem regarding content inspection of SMTP
traffic. I have made the following rule, but only one
host is getting logged and that is some other machine.
Can anyone help me with this issue?

alert tcp any any -> any 25 (sid: 1000001; rev: 1; msg: "Content resume found in the mail"; flow: to_server,established; content:"resume";)

When I test it from different hosts, only one host
gets logged; the others go unlogged. They are all
from the same hub.

Thanks in advance.


=====

Regards and have a nice day,

                           Atul Shrivastava

 

 


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net