[Snort-sigs] snort telnet login alert

lists at ...3397... lists at ...3397...
Sun Sep 7 13:33:12 EDT 2014


On 09/07/2014 11:06 AM, Виталий Щетинин wrote:
> Ok. We can forgot about my rule. How can I alert telnet login?

Telnet, with respect to detecting authentication success/failure, is an
unstructured protocol and login success and failure nomenclature will vary based
on the daemon.  Without a specific use case we will be unable to help you.
Essentially you are asking the equivalent of "How can I detect a bad login over
HTTP" -- do you mean auth-basic?  Web application?  What application?

Cheers,
Nathan




More information about the Snort-sigs mailing list