Snort mailing list archives
Not able to block telnet command with snort
From: Mitesh Jadia <mitesh.jadia () gmail com>
Date: Fri, 18 Jul 2014 18:18:43 +0530
Hello,

I have tried one rule like

drop tcp any any -> any 23 (msg:"telnet drop"; flow:established,to_server; content:"abcd";nocase; nocase; sid:101010;)

When I wrote abcd and hit enter in a telnet session, Snort could not drop it. It seems like Snort has a reassembly problem with telnet. As far as I have debugged, the telnet preprocessor does not have a PAF flushing technique for commands written from the client. It just reassembles packets from the client side at the random flush point generated at session init time.

Regards,
Mitesh Jadia
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
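The behaviour described in the message above, as an added illustration that is not part of the original post and is not Snort code: a simplified Python model comparing per-segment inspection, a fixed flush point, and a flush at end of command. It assumes a character-mode telnet client that sends each keystroke in its own TCP segment; the function names, the sample segments and the flush-point values are constructed for the example.

```python
# Simplified model only; it does not reproduce Snort's stream or telnet preprocessor.
PATTERN = b"abcd"

def contains(buf, pattern=PATTERN):
    """Case-insensitive substring test, like content:"abcd"; nocase;."""
    return pattern.lower() in buf.lower()

def per_segment(segments):
    """Inspect every TCP payload on its own, with no reassembly."""
    return any(contains(s) for s in segments)

def flush_at_offset(segments, flush_point):
    """Buffer client bytes and inspect only when flush_point bytes have accumulated."""
    buf, hit = b"", False
    for seg in segments:
        buf += seg
        while len(buf) >= flush_point:
            hit = hit or contains(buf[:flush_point])
            buf = buf[flush_point:]
    return hit  # whatever is still buffered here was never inspected

def flush_at_command(segments):
    """Protocol-aware flush: inspect each command as soon as its CR arrives."""
    buf, hit = b"", False
    for seg in segments:
        buf += seg
        while b"\r" in buf:
            line, buf = buf.split(b"\r", 1)
            hit = hit or contains(line)
    return hit

# Constructed sample: the user types "abcd" and presses Enter.
KEYSTROKES = [b"a", b"b", b"c", b"d", b"\r\n"]

if __name__ == "__main__":
    print("per segment:        ", per_segment(KEYSTROKES))
    print("flush at 192 bytes: ", flush_at_offset(KEYSTROKES, 192))
    print("flush at 3 bytes:   ", flush_at_offset(KEYSTROKES, 3))
    print("flush at command:   ", flush_at_command(KEYSTROKES))
```

In this model the pattern is missed whenever the flush point falls after the command has already been forwarded or splits the four bytes across two inspected buffers; only a flush tied to the end of the command sees "abcd" as one unit.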