Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Snort and the Telnet Preprocessor

From: Liam burke <lburke () lancomms ie>
Date: Tue, 28 Aug 2001 18:46:30 +0100
Hi There,

I have just run up Snort v. 1.8.1 and all seems to be well, however when I
test 
the telnet preprocessor (by telneting to a device, and entering wrong
password)
I don't see an alert.

Here's some snips...

<snip snort.conf (from vision.conf>

preprocessor telnet_decode

and the rule...

alert TCP $INTERNAL 23 -> $EXTERNAL any (msg:
"IDS127/telnet_telnet-login-incorrect"; flags: A+; content: "Login
incorrect"; depth: 16; nocase; classtype: system-failed; reference:
arachnids,127;)


Nothing is apearing out of place in syslog, or in the startup of snort.


Can anyone help?

More info available if needed.

Thanks and regards.

LB

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: