[Snort-sigs] Novell Rconj Rules
Andy at ...31...
Mon Mar 12 10:08:24 EST 2001
alert tcp any 2034 -> any any (msg:"Novell RCONJ to
alert tcp any 2034 -> any any (msg:"Novell RCONJ Invalid
These rules monitor both Inbound and Outbound RconJ sessions. I dunno
if everyone wants to see outbound traffic, I do as a Novell Service
shop, however the first any could be changed to HOME_NET.
Matrix Integration, LLC
More information about the Snort-sigs