Since there was a lot of interest in the BugBear rules I posted earlier, here are the SoBig.C TRONS rules for RealSecure 7.0.
alert tcp any any -> any 25 (msg:"SoBig";content:"movie.pif";sid:1;rev:1;) alert tcp any any -> any 25 (msg:"SoBig";content:"submited.pif";sid:1;rev:1;) alert tcp any any -> any 25 (msg:"SoBig";content:"45443.pif";sid:1;rev:1;) alert tcp any any -> any 25 (msg:"SoBig";content:"documents.pif";sid:1;rev:1;) alert tcp any any -> any 25 (msg:"SoBig";content:"approved.pif";sid:1;rev:1;) alert tcp any any -> any 25 (msg:"SoBig";content:"application.pif";sid:1;rev:1;) alert tcp any any -> any 25 (msg:"SoBig";content:"document.pif";sid:1;rev:1;) -------------------------------------------------------------- Chris Rouland Vice President X-Force R&D Internet Security Systems, Inc. http://xforce.iss.net [EMAIL PROTECTED] _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
