Versions (4)
Version DetailsCurrent
Rev: 2 • May 10, 2021, 12:00 PMET INFO Possible Overflow Attempt - Abnormally Large SMTP EHLO Inbound
alert tcp-pkt any any -> [$HOME_NET,$HTTP_SERVERS,$SMTP_SERVERS] any (msg:"ET INFO Possible Overflow Attempt - Abnormally Large SMTP EHLO Inbound"; flow:established,to_server; content:"EHLO"; startswith; isdataat:1000,relative; classtype:bad-unknown; sid:2032926; rev:2; metadata:attack_target SMTP_Server, created_at 2021_05_10, deployment Perimeter, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_05_11;)
May 10, 2021, 12:00 PM
May 11, 2021, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 11, 2025, 9:34 PM
rules/emerging-info.rules