[Oisf-users] Alert on unencrypted IMAP/POP3 traffic

jt jtfas90 at gmail.com
Tue Oct 1 00:19:02 UTC 2019


On Mon, 2019-09-30 at 14:28 -0600, Orion Poplawski wrote:
> I'd like to alert on unencrypted IMAP/POP3 traffic.  I don't notice this being
> part of the standard suricata rule set.  Anyone have any rules for this or
> know where some might be?  Thanks!

Emerging Threats open ruleset has some POP3 and IMAP rules.
https://rules.emergingthreats.net/open/

If there's a specific CVE or something it's possible PT Research has
something.
https://github.com/ptresearch/AttackDetection

Probably heresy on this list :) but vrt/snort has some imap/pop rules
as well in their open set.
https://www.snort.org/downloads#rules

JT

