This is an actual email.
Names have not been posted to protect the innocent.
"Looking for some information on the rule below. I'm not exactly sure what
it is looking for, but it seems to me that anything in SMTP_SERVES to
everything but HOME_NET with the syn flag set to a destination on port 25
will trigger this, it that correct? I am receiving a lot of noise form
this, but looking at the packet information, there's nothing there. I'm
really concerned with this type of alert because some of our exchange
servers are sending tcp syn's to destinations they should not send to,
i.e. other countries. Can I get some clarification on this specific rule?
I can't understand why an exchange server would send this type of data
unless it is also sending emails as well."
My god.
Subscribe to:
Post Comments (Atom)
A shortcut to make a PDF out of a webpage and save it to Notes.app
While on MacOS (and iOS) you can use the Share Sheet from Safari to share a webpage to Notes, it only shares the title, URL, and the favicon...
-
Without going off the deep-end here and discussing every single Snort rule keyword, I just wanted to touch on a few modifiers that people so...
-
While on MacOS (and iOS) you can use the Share Sheet from Safari to share a webpage to Notes, it only shares the title, URL, and the favicon...
-
National Post Damn this makes me mad. The Runaway Bride is going to cash in... grrr..
No comments:
Post a Comment