Snort mailing list archives
A rule for telnet commands
From: "Neal Werner" <neals-posts () post com>
Date: Wed, 11 Dec 2002 14:48:38 -0800
I would like to write a rule for a specific telnet command (like the Cisco "enable" command for example). But since telnet commands seem to be transmitted a character at a time a simple (...content:"enable";...) option will not work, so it seems that some reassembly is required. Is it possible to write a rule to catch a specific telnet command?... and if so how? Thanks in advance... -Neal -- __________________________________________________________ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup One click access to the Top Search Engines http://www.exactsearchbar.com/mailcom ------------------------------------------------------- This sf.net email is sponsored by: With Great Power, Comes Great Responsibility Learn to use your power at OSDN's High Performance Computing Channel http://hpc.devchannel.org/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- A rule for telnet commands posts (Dec 16)
- Re: A rule for telnet commands Matt Kettler (Dec 16)
- <Possible follow-ups>
- RE: A rule for telnet commands Steve Halligan (Dec 17)
- A rule for telnet commands Neal Werner (Dec 17)