Snort mailing list archives
Re: snort telnet login alert
From: Виталий Щетинин <sch_vitaliy () mail ru>
Date: Mon, 08 Sep 2014 06:36:25 +0400
Ok. Thank you.

Sunday, 7 September 2014, 22:57 +0400 from Shirkdog <shirkdog () gmail com>:
> Step three, profit.
>
> On Sep 7, 2014 2:56 PM, "Joel Esler (jesler)" <jesler () cisco com> wrote:
>> Capture a packet capture of what you are trying to detect. That's step one, step two is to attempt detection. Sounds like step one is still needed.
>>
>> --
>> Joel Esler
>> iPhone
>>
>> On Sep 7, 2014, at 13:36, "lists () packetmail net" <lists () packetmail net> wrote:
>>> On 09/07/2014 11:06 AM, Виталий Щетинин wrote:
>>>> Ok. We can forget about my rule. How can I alert telnet login?
>>>
>>> Telnet, with respect to detecting authentication success/failure, is an unstructured protocol and login success and failure nomenclature will vary based on the daemon. Without a specific use case we will be unable to help you.
>>>
>>> Essentially you are asking the equivalent of "How can I detect a bad login over HTTP" -- do you mean auth-basic? Web application? What application?
>>>
>>> Cheers,
>>> Nathan
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!
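The point made in the quoted replies, that telnet has no structured login result and the failure text depends on the daemon, as an added example that is not part of the original thread. It removes RFC 854 negotiation bytes from a server-to-client stream and then counts daemon-specific failure strings; the pattern table, its daemon labels and the sample stream are constructed assumptions and must be replaced with strings taken from a capture of the daemon actually being monitored.

```python
import re

IAC, SB, SE = 255, 250, 240        # RFC 854 command bytes
NEGOTIATE = (251, 252, 253, 254)   # WILL, WONT, DO, DONT

def strip_telnet_negotiation(data: bytes) -> bytes:
    """Drop IAC command sequences so only the text shown to the user remains."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif i + 1 >= len(data):
            break                      # truncated command at end of buffer
        elif data[i + 1] == IAC:
            out.append(IAC)            # IAC IAC is an escaped literal 0xFF
            i += 2
        elif data[i + 1] in NEGOTIATE:
            i += 3                     # IAC, verb, option
        elif data[i + 1] == SB:
            j = i + 2                  # skip subnegotiation up to IAC SE
            while j + 1 < len(data) and not (data[j] == IAC and data[j + 1] == SE):
                j += 2 if data[j] == IAC else 1
            i = j + 2
        else:
            i += 2                     # two-byte command such as IAC NOP
    return bytes(out)

# Assumption: labels and strings are illustrative; confirm them from a
# packet capture of the daemon in use before relying on them.
FAILURE_PATTERNS = {
    "linux-login": re.compile(rb"Login incorrect"),
    "example-router": re.compile(rb"% (?:Login invalid|Authentication failed)"),
}

def count_failed_logins(server_stream: bytes, daemon: str) -> int:
    """Count failure banners in a reassembled server-to-client telnet stream."""
    text = strip_telnet_negotiation(server_stream)
    return len(FAILURE_PATTERNS[daemon].findall(text))

# Constructed sample: option negotiation, then two failed logins; the second
# banner has an IAC NOP (255, 241) in the middle of the text.
SAMPLE = (bytes([255, 253, 24, 255, 251, 1, 255, 250, 24, 1, 255, 240])
          + b"login: \r\nPassword: \r\nLogin incorrect\r\nlogin: "
          + b"\r\nPassword: \r\nLogin in" + bytes([255, 241]) + b"correct\r\nlogin: ")

if __name__ == "__main__":
    print(count_failed_logins(SAMPLE, "linux-login"))
```

A plain byte search of the same sample finds only one of the two banners, which is why the stream is normalized before matching.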
Current thread:
- snort telnet login alert Виталий Щетинин (Sep 07)
- Re: snort telnet login alert waldo kitty (Sep 07)
- Re: snort telnet login alert Виталий Щетинин (Sep 07)
- Re: snort telnet login alert lists () packetmail net (Sep 07)
- Re: snort telnet login alert Joel Esler (jesler) (Sep 07)
- Re: snort telnet login alert Shirkdog (Sep 07)
- Re: snort telnet login alert Виталий Щетинин (Sep 07)
- Re: snort telnet login alert Виталий Щетинин (Sep 07)
- Re: snort telnet login alert waldo kitty (Sep 07)