[Snort-sigs] snorting telnet

Bryan Irvine bryan.irvine at ...1441...
Fri Aug 15 15:12:03 EDT 2003


I have a few older systems on my network that still run telnet on them,
and out of sheer curisosity I want to make a rule that will try to grab
the passwords, just to see if someone else on my network could grab
those passwords as well.  What would be a good rule to sniff traffic on
say 4 or 5 servers only and all telnet traffic to them?  Or is there a
rule already that sniff for telnet passwords?

These systems probably need to be upgraded to use ssh instead but I want
to be able to show that it's necessary to do it soon.

--Bryan





More information about the Snort-sigs mailing list