[Snort-sigs] Microsoft Telnet Server

g.coochey at ...138...
Tue Feb 12 02:21:02 EST 2002

Following the reported vulnerability in Microsoft's Telnet Services you may want to include a rule such as:

alert tcp any 23 -> any any (msg:"INFO Microsoft Telnet Service"; flags:A+; content:"Microsoft Telnet"; classtype:misc-activity; rev:1;)

This will identify the Microsoft Telnet Service on Windows 2000. If anyone has improvements to reduce false positives, then I'd like to hear them.


Giles Coochey
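
As an added illustration (not part of the original post and not Snort's own code), this Python model shows how the rule's three tests (source port 23, `flags`, `content`) combine over constructed packets. It compares an exact `flags:A` test with `flags:A+` and includes a non-Microsoft session that still matches, the kind of false positive the post asks about. The payloads, packet names and helper functions are assumptions.

```python
import re

# TCP flag bits as they appear in the TCP header.
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}

RULE = ('alert tcp any 23 -> any any (msg:"INFO Microsoft Telnet Service"; '
        'flags:%s; content:"Microsoft Telnet"; classtype:misc-activity; rev:1;)')

def parse_rule(rule):
    """Return (source port, flags spec, content bytes) from a rule string."""
    header, options = rule.split("(", 1)
    src_port = header.split()[3]  # alert tcp <src ip> <src port> -> ...
    opts = dict(re.findall(r'(\w+)\s*:\s*"?([^";]+?)"?\s*;', options))
    return src_port, opts["flags"], opts["content"].encode()

def flags_match(spec, tcp_flags):
    """Bare spec = exact match; trailing '+' = these bits plus any others."""
    want = sum(FLAG_BITS[c] for c in spec.rstrip("+"))
    if spec.endswith("+"):
        return (tcp_flags & want) == want
    return tcp_flags == want

def rule_matches(rule, pkt):
    src_port, spec, content = parse_rule(rule)
    return (str(pkt["sport"]) == src_port
            and flags_match(spec, pkt["flags"])
            and content in pkt["payload"])

ACK, PSH_ACK = 0x10, 0x18
# Constructed sample packets (not captured traffic).
PACKETS = {
    "banner_psh_ack": {"sport": 23, "flags": PSH_ACK,
                       "payload": b"Welcome to Microsoft Telnet Service\r\n"},
    "banner_ack_only": {"sport": 23, "flags": ACK,
                        "payload": b"Welcome to Microsoft Telnet Service\r\n"},
    # Another vendor's telnet server echoing text that mentions the string.
    "other_server_echo": {"sport": 23, "flags": PSH_ACK,
                          "payload": b"$ grep -i telnet notes.txt\r\n"
                                     b"disable Microsoft Telnet on srv2\r\n"},
    # Client-to-server direction: the source port is not 23.
    "client_keystrokes": {"sport": 40000, "flags": PSH_ACK,
                          "payload": b"Microsoft Telnet"},
}

def evaluate(flags_spec):
    rule = RULE % flags_spec
    return {name: rule_matches(rule, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for spec in ("A", "A+"):
        print(spec, evaluate(spec))
```
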
