Snort mailing list archives
A rule for telnet commands
From: "posts" <posts () linuxtowin com>
Date: Mon, 16 Dec 2002 11:50:41 -0800
I would like to write a rule for a specific telnet command (like the Cisco "enable" command for example). But since telnet commands seem to be transmitted a character at a time a simple (...content:"enable";...) option will not work, so it seems that some reassembly is required. Is it possible write a rule to catch a specific telnet command?... and if so how? Thanks! posts_AT_linuxtowin.com
Current thread:
- A rule for telnet commands posts (Dec 16)
- Re: A rule for telnet commands Matt Kettler (Dec 16)
- <Possible follow-ups>
- RE: A rule for telnet commands Steve Halligan (Dec 17)
- A rule for telnet commands Neal Werner (Dec 17)