Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Detecting telnet connections with TERM=xxx set

From: "Sven Huster" <sven.huster () hosteurope com>
Date: Fri, 22 Nov 2002 15:53:52 -0000
Hi there

I wanted to alter on connection which have set TERM to e.g. xxx
So I tried:
alter tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"does not really matter"; content:"|fffa 1800|"; tag: session, 1000, 
packets;)

But the f$%^ thing does not work as soon as I put the content option in.
I got no idea why this does not work.

Can someone at least point me to some info about debugging rules.

Thanks
Regards
--
Sven Huster
Systems Administrator


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: