ET INFO Possible Overflow Attempt - Abnormally Large SMTP EHLO Inbound - Suricata Rule 2032926 (et/open)

ET INFO Possible Overflow Attempt - Abnormally Large SMTP EHLO Inbound

SID: 2032926Rev: 20 viewsHistory

Sourceet/open

CreatedMay 10, 2021

UpdatedMay 11, 2021

Classificationbad-unknown

alert tcp-pkt any any -> [$HOME_NET,$HTTP_SERVERS,$SMTP_SERVERS] any (msg:"ET INFO Possible Overflow Attempt - Abnormally Large SMTP EHLO Inbound"; flow:established,to_server; content:"EHLO"; startswith; isdataat:1000,relative; classtype:bad-unknown; sid:2032926; rev:2; metadata:attack_target SMTP_Server, created_at 2021_05_10, deployment Perimeter, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_05_11;)

Metadata

attack targetSMTP_Server

created at2021_05_10

deploymentPerimeter

confidenceMedium

signature severityInformational

tagDescription_Generated_By_Proofpoint_Nexus

updated at2021_05_11

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!