Snort mailing list archives
Re: Snort and the Telnet Preprocessor
From: Chris Green <cmg () uab edu>
Date: 28 Aug 2001 21:50:27 -0500
Liam burke <lburke () lancomms ie> writes:
the telnet preprocessor (by telneting to a device, and entering wrong password) I don't see an alert.
alert TCP $INTERNAL 23 -> $EXTERNAL any (msg: "IDS127/telnet_telnet-login-incorrect"; flags: A+; content: "Login incorrect"; depth: 16; nocase; classtype: system-failed; reference: arachnids,127;) Nothing is apearing out of place in syslog, or in the startup of snort.
run snort in interactive sniffing mode ( -dev ) and see what the packets coming back from the device look like With that, we can help look at working on your rule -- Chris Green <cmg () uab edu> A watched process never cores. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort and the Telnet Preprocessor Liam burke (Aug 28)
- Re: Snort and the Telnet Preprocessor Chris Green (Aug 28)