Snort mailing list archives
Re: snort telnet login alert
From: Shirkdog <shirkdog () gmail com>
Date: Sun, 7 Sep 2014 14:57:33 -0400
Step three, profit. On Sep 7, 2014 2:56 PM, "Joel Esler (jesler)" <jesler () cisco com> wrote:
Capture a packet capture of what you are trying to detect. That's step one, step two is to attempt detection. Sounds like step one is still needed. -- Joel Esler iPhoneOn Sep 7, 2014, at 13:36, "lists () packetmail net" <lists () packetmail net>wrote:On 09/07/2014 11:06 AM, Виталий Щетинин wrote: Ok. We can forgot about my rule. How can I alert telnet login?Telnet, with respect to detecting authentication success/failure, is an unstructured protocol and login success and failure nomenclature willvary basedon the daemon. Without a specific use case we will be unable to helpyou.Essentially you are asking the equivalent of "How can I detect a badlogin overHTTP" -- do you mean auth-basic? Web application? What application? Cheers, Nathan------------------------------------------------------------------------------Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- snort telnet login alert Виталий Щетинин (Sep 07)
- Re: snort telnet login alert waldo kitty (Sep 07)
- Re: snort telnet login alert Виталий Щетинин (Sep 07)
- Re: snort telnet login alert lists () packetmail net (Sep 07)
- Re: snort telnet login alert Joel Esler (jesler) (Sep 07)
- Re: snort telnet login alert Shirkdog (Sep 07)
- Re: snort telnet login alert Виталий Щетинин (Sep 07)
- Re: snort telnet login alert Виталий Щетинин (Sep 07)
- Re: snort telnet login alert waldo kitty (Sep 07)