Snort mailing list archives
Snort and the Telnet Preprocessor
From: Liam burke <lburke () lancomms ie>
Date: Tue, 28 Aug 2001 18:46:30 +0100
Hi There,

I have just run up Snort v. 1.8.1 and all seems to be well, however when I test the telnet preprocessor (by telnetting to a device, and entering wrong password) I don't see an alert. Here's some snips...

<snip snort.conf (from vision.conf)>

preprocessor telnet_decode

and the rule...

alert TCP $INTERNAL 23 -> $EXTERNAL any (msg: "IDS127/telnet_telnet-login-incorrect"; flags: A+; content: "Login incorrect"; depth: 16; nocase; classtype: system-failed; reference: arachnids,127;)

Nothing is appearing out of place in syslog, or in the startup of snort.

Can anyone help? More info available if needed.

Thanks and regards.

LB
Current thread:
- Snort and the Telnet Preprocessor Liam burke (Aug 28)
- Re: Snort and the Telnet Preprocessor Chris Green (Aug 28)