Snort mailing list archives

Not able to block telnet command with snort


From: Mitesh Jadia <mitesh.jadia () gmail com>
Date: Fri, 18 Jul 2014 18:18:43 +0530

Hello,

I have tried a rule like this:

drop tcp any any -> any 23 (msg:"telnet drop"; flow:established,to_server;
content:"abcd";nocase; nocase; sid:101010;)


When I wrote abcd and hit Enter in the telnet session, Snort could not drop it.
It seems like Snort has a reassembly problem with telnet. As far as I have
debugged, the telnet preprocessor does not have a PAF flushing technique for
commands written from the client. It just reassembles packets from the client
side when the random flush point generated at session init time is reached.


Regards,
Mitesh Jadia
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
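
A simplified model of the behaviour described in the message above, added here as an illustration and not taken from Snort or from the poster. It assumes the telnet client sends one keystroke per TCP segment (character mode) and that client-side data is inspected per packet and again only when a byte-count flush point is reached; the function names, flush-point values and sample segments are constructed.

```python
# Simplified model, not Snort code: per-packet matching vs. stream reassembly
# that only flushes at a byte-count flush point (no telnet-aware PAF).

PATTERN = b"abcd"  # content from the rule above, matched nocase


def matches(buf: bytes) -> bool:
    """content:"abcd"; nocase; modelled as a case-insensitive substring test."""
    return PATTERN.lower() in buf.lower()


def inspect(segments, flush_point):
    """Return (verdicts, forwarded_bytes) for a list of client segments.

    verdicts[i] is 'pass' or 'drop' for segment i. Each segment is checked
    alone; it is also appended to the reassembly buffer, which is inspected
    only once it holds at least flush_point bytes.
    """
    verdicts, forwarded, pending = [], b"", b""
    for seg in segments:
        pending += seg
        hit = matches(seg)
        if len(pending) >= flush_point:   # flush: inspect reassembled data
            hit = hit or matches(pending)
            pending = b""
        verdicts.append("drop" if hit else "pass")
        if not hit:
            forwarded += seg              # inline: a passed segment is already delivered
    return verdicts, forwarded


# Constructed input: telnet in character mode, one keystroke per segment.
KEYSTROKES = [b"a", b"b", b"c", b"d", b"\r\n"]
# Constructed input: the same command sent as a single segment.
ONE_LINE = [b"abcd\r\n"]

if __name__ == "__main__":
    cases = [("char mode, flush at 192 bytes", KEYSTROKES, 192),
             ("char mode, flush at 6 bytes", KEYSTROKES, 6),
             ("single segment, flush at 192 bytes", ONE_LINE, 192)]
    for name, segs, fp in cases:
        print(name, inspect(segs, fp))
```

In the first case nothing matches because no single segment contains the pattern and the flush point is never reached; in the second the match arrives only with the final segment, after the four keystrokes have already been forwarded.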
