[Snort-sigs] snort telnet login alert

Shirkdog shirkdog at ...2420...
Sun Sep 7 14:57:33 EDT 2014


Step three, profit.
On Sep 7, 2014 2:56 PM, "Joel Esler (jesler)" <jesler at ...3865...> wrote:

> Capture a packet capture of what you are trying to detect.  That's step
> one, step two is to attempt detection.
>
> Sounds like step one is still needed.
>
> --
> Joel Esler
> iPhone
>
> > On Sep 7, 2014, at 13:36, "lists at ...3397..." <lists at ...3397...>
> wrote:
> >
> >> On 09/07/2014 11:06 AM, Виталий Щетинин wrote:
> >> Ok. We can forgot about my rule. How can I alert telnet login?
> >
> > Telnet, with respect to detecting authentication success/failure, is an
> > unstructured protocol and login success and failure nomenclature will
> vary based
> > on the daemon.  Without a specific use case we will be unable to help
> you.
> > Essentially you are asking the equivalent of "How can I detect a bad
> login over
> > HTTP" -- do you mean auth-basic?  Web application?  What application?
> >
> > Cheers,
> > Nathan
> >
> >
> ------------------------------------------------------------------------------
> > Slashdot TV.
> > Video for Nerds.  Stuff that matters.
> > http://tv.slashdot.org/
> > _______________________________________________
> > Snort-sigs mailing list
> > Snort-sigs at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/snort-sigs
> > http://www.snort.org
> >
> >
> > Please visit http://blog.snort.org for the latest news about Snort!
>
>
> ------------------------------------------------------------------------------
> Slashdot TV.
> Video for Nerds.  Stuff that matters.
> http://tv.slashdot.org/
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
>
>
> Please visit http://blog.snort.org for the latest news about Snort!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20140907/fbd5a21e/attachment.html>


More information about the Snort-sigs mailing list