New Snort rule for detection and prevention of SMTP e-mail bomb attacks

Abstract

Cyberattacks on networks are launched in every moment nowadays. Due to the advancement of digitalization and technology, these types of attacks are present in our lives, whether we are aware of them or not, they still exist. E-mail bomb attacks are listed as cyberattacks, which can create difficulties in the telecommunication sector because they target services that will be disrupted and be harder to access. In definition, an e-mail bomb involves the process of sending a large number of e-mails to a specific server or person. A very powerful open-source tool that can handle this situation is Snort [1], which is used as a solution to identify this network attack. Additionally, with Snort, this paper presents a custom rule proposed to show promising results in detecting this kind of attack.