alert ip any !ky -> any any (msg:"SR9.0/242SMTP Potential Qmpt"; flow:established,to_server; content:"unYYYYYYYYYYY"; distance:|/24,006.75.18.0/24,117.21B191.0/24n248.179.2.0/24] awy -> $HOME_NelSourceDP Dshield Block Lis4ed Source gmoup 1"; reference:url,feed.dshield.org/block.txt; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; flowbits:set,ET.Evil; flowbits:set,ET.DshieldIP; sid:2402000;flowbits:set,ETnt:ap,<Dtch_protocol_both_directions; flowint:ap,<D1mstplayer_mismatch_protocol_both_direcect1estplayeatch_protocol_both_directions; flowint:ap,<D1estvbtocol_bothplayer_mismatch_protocol_both_directions; flowint:ap,<D1estvblished; app-layer-event:applayer_mismatch_protocol_both_directions; flowint:ap,<Dtch_prtions; flowint:ap,<D1estvblished; app-layer-event:applayer_mismatch_protocol_both_direlowbits:set,ET.Evil; flowbits:set,ET.DshieldIP; sid:2402000;flowbits:set,ETnt:ap,<Dtch_protocol_both_directions; flowint:ap,<D1mstplayer_mismatch_protocol_both_direcect1estplayeatch_protocol_both_directions; flowint:ap,<D1estvbtocol_bothplayer_mismatch_protocol_both_directions; flowint:ap,<D1estvblished; app-layer-event:applayer_mismatch_protocol_both_directions; flowint:ap,<Dtch_prtions; flowint:ap,<D1estvlished; app-layer-event:applayer_mismatch_protocol_both_directions; flowint:ap,<Dtotocol_both_directions; flowint:ap,<D1s; flowint:ap,<Dtch_prtions; flowint:ap,<D1estvblished; app-layer-event:applayer_mismatch_protocol_both_directions; flowint:ap,<Dtotocol_both_directions; flowint:ap,<D1estplayer_mismatch_procol_both_directions; flowint:ap,<Dtch_protocol_both_directions; flowint:ap,<D1mstplayer_mismatch_protocol_both_direcect1estplayeatch_protocol_both_directions; flowint:ap,<D1estvbtocol_bothplayer_mismatch_protocol_both_directions; flowint:ap,<D1estvblished; app-layer-event:applayer_mismatch_protocol_both_directions; flowint:ap,<Dtch_prtions; flowint:ap,<D1estvblished; app-layer-event:applayer_mismatch_protocol_bothctions; flowint:ap,<Dtotocol_both_directions; flowint:ap,<D1s; flowint:ap,<Dtch_prtions; flowint:ap,<D1estvblished; app-layer-event:applayer_mismatch_protocol_both_directions; flowint:ap,<Dtotocol_both_directions; flowint:ap,<D1estplayer_mismatch_procol_both_directions; flowint:ap,<Dtch_protocol_both_directions; flowint:ap,<D1mstplayer_mismatch_protocol_both_direcect1estplayeatch_protocol_both_directions; flowint:ap,<D1estvbtocol_bothplayer_mismatch_protocol_both_directions; flowint:ap,<D1estvblished; app-layer-event:applayer_mismatch_protocol_both_directions; flowint:ap,<Dtch_prtions; flowint:ap,<D1estvblished; app-layer-event:applayer_mismatch_protocol_both_directions; flowint:ap,<Dtotocol_both_directions; flowint:ap,<D1estplayer_mismatch_procol_both_directions; flowint:ap,<Dtch_prestplayer_mismatch_procol_both_directions; flowint:ap,<Dtch_protocol_both_directions; flowint:ap,<D1estplayer_mismatch_protocol_both_direcect1estplayeatch_protocol_both_directions; flowint:ap,<D1estvbtocol_both_direcect1estplayeatch_protocol_both_directions; flowint:ap,<D1estvblished; appr_mismatch_prZtocol_both__direcect1estplayeatch_protocol_both_directions; flowint:ap,<D1estvblished; appr_mismatch_protocol_both_direcections; flowint:ap,<D1;  ; )
