[Snort-sigs] snort telnet login alert

Виталий Щетинин sch_vitaliy at ...3783...
Sun Sep 7 22:36:25 EDT 2014


Ok. Thank you

Воскресенье, 7 сентября 2014 г., 22:57 +0400 от Shirkdog  <shirkdog at ...2420...>:
Step three, profit.
On Sep 7, 2014 2:56 PM, "Joel Esler (jesler)" < jesler at ...3865... > wrote:
>Capture a packet capture of what you are trying to detect.  That's step one, step two is to attempt detection.
>
>Sounds like step one is still needed.
>
>--
>Joel Esler
>iPhone
>
>> On Sep 7, 2014, at 13:36, " lists at ...3397... " < lists at ...3397... > wrote:
>>
>>> On 09/07/2014 11:06 AM, Виталий Щетинин wrote:
>>> Ok. We can forgot about my rule. How can I alert telnet login?
>>
>> Telnet, with respect to detecting authentication success/failure, is an
>> unstructured protocol and login success and failure nomenclature will vary based
>> on the daemon.  Without a specific use case we will be unable to help you.
>> Essentially you are asking the equivalent of "How can I detect a bad login over
>> HTTP" -- do you mean auth-basic?  Web application?  What application?
>>
>> Cheers,
>> Nathan
>>
>> ------------------------------------------------------------------------------
>> Slashdot TV.
>> Video for Nerds.  Stuff that matters.
>>  http://tv.slashdot.org/
>> _______________________________________________
>> Snort-sigs mailing list
>>  Snort-sigs at lists.sourceforge.net
>>  https://lists.sourceforge.net/lists/listinfo/snort-sigs
>>  http://www.snort.org
>>
>>
>> Please visit  http://blog.snort.org for the latest news about Snort!
>
>------------------------------------------------------------------------------
>Slashdot TV.
>Video for Nerds.  Stuff that matters.
>http://tv.slashdot.org/
>_______________________________________________
>Snort-sigs mailing list
>Snort-sigs at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/snort-sigs
>http://www.snort.org
>
>
>Please visit  http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit  http://blog.snort.org for the latest news about Snort!


More information about the Snort-sigs mailing list