Snort mailing list archives

A rule for telnet commands

From: "posts" <posts () linuxtowin com>
Date: Mon, 16 Dec 2002 11:50:41 -0800

I would like to write a rule for a specific telnet command (like the Cisco "enable" command for example).

But since telnet commands seem to be transmitted a character at a time a simple (...content:"enable";...) option will 
not work, so it seems that some reassembly is required.

Is it possible write a rule to catch a specific telnet command?... and if so how?


Thanks!

posts_AT_linuxtowin.com

Current thread:

A rule for telnet commands posts (Dec 16)
- Re: A rule for telnet commands Matt Kettler (Dec 16)
- <Possible follow-ups>
- RE: A rule for telnet commands Steve Halligan (Dec 17)
- A rule for telnet commands Neal Werner (Dec 17)