Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort and the Telnet Preprocessor

From: Chris Green <cmg () uab edu>
Date: 28 Aug 2001 21:50:27 -0500
Liam burke <lburke () lancomms ie> writes:

the telnet preprocessor (by telneting to a device, and entering wrong
password)
I don't see an alert.



alert TCP $INTERNAL 23 -> $EXTERNAL any (msg:
"IDS127/telnet_telnet-login-incorrect"; flags: A+; content: "Login
incorrect"; depth: 16; nocase; classtype: system-failed; reference:
arachnids,127;)

Nothing is apearing out of place in syslog, or in the startup of snort.


run snort in interactive sniffing mode ( -dev )  and see what the
packets coming back from the device look like

With that, we can help look at working on your rule
-- 
Chris Green <cmg () uab edu>
A watched process never cores.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: