[Snort-sigs] snorting telnet
bryan.irvine at ...1441...
Fri Aug 15 15:12:03 EDT 2003
I have a few older systems on my network that still run telnet on them,
and out of sheer curisosity I want to make a rule that will try to grab
the passwords, just to see if someone else on my network could grab
those passwords as well. What would be a good rule to sniff traffic on
say 4 or 5 servers only and all telnet traffic to them? Or is there a
rule already that sniff for telnet passwords?
These systems probably need to be upgraded to use ssh instead but I want
to be able to show that it's necessary to do it soon.
More information about the Snort-sigs