[Snort-users] IDS127 TELNET - Login Incorrect
Keith.Pachulski at ...222...
Fri Sep 1 09:55:52 EDT 2000
I seem to be getting a lot of false alerts with this rule "IDS127 TELNET -
Login Incorrect" with Snort on Redhat Linux 6.1, made a few changes to the
#alert tcp $HOME_NET 23 -> !$HOME_NET any (msg:"IDS127 TELNET - Login Incorrect"; content:"Login incorrect";)
alert tcp $HOME_NET 23 -> !$HOME_NET any (msg:"IDS127 TELNET - NEW: Login Incorrect"; content:"|4C 6F 67 69 6E 20 69 6E 63 6F 72 72 65 63 74|"; flags:PA; depth:15;)
So far it does not seem to be generating any false alerts while still
alerting on "actual" failed logins.
Network Security Engineer
PenTeleData Internet Services
Phone: (800) 281-3564 ext. 277
PGP Key: finger strmshdw at ...404...
"A Firewall is really much like a sophisticated traffic cop; it detects and
stops unauthorized or suspicious movement in or out of the network. But
security is more than a Firewall; it's a process. You can't just put in a
Firewall and think you're secure."
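An added illustration, not part of the original post and not Snort code: a simplified Python model of the content, flags and depth options, run against constructed packets, showing which of the two rules above would fire. The sample payloads (including the mid-session one as a possible source of false alerts) are assumptions; the post does not say what triggered them.

```python
# Simplified model of Snort's content / flags / depth options (not Snort itself).
# All packets below are constructed samples for illustration.
PSH, ACK = 0x08, 0x10

def parse_content(spec):
    """Decode a Snort content string; text between | | is hex bytes."""
    out = bytearray()
    for i, part in enumerate(spec.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("ascii")
    return bytes(out)

# The two rules from the post, reduced to the options that affect matching.
OLD = {"content": parse_content("Login incorrect")}
NEW = {"content": parse_content("|4C 6F 67 69 6E 20 69 6E 63 6F 72 72 65 63 74|"),
       "flags": PSH | ACK, "depth": 15}

def matches(rule, tcp_flags, payload):
    # flags without a + or * modifier requires exactly these flags to be set
    if "flags" in rule and tcp_flags != rule["flags"]:
        return False
    # depth limits the search to the first N bytes of the payload
    window = payload[:rule["depth"]] if "depth" in rule else payload
    return rule["content"] in window

# name -> (TCP flags, payload sent from port 23 to an external client)
SAMPLES = {
    "failed_login":       (PSH | ACK, b"Login incorrect\r\nlogin: "),
    "string_mid_session": (PSH | ACK, b"$ cat notes.txt\r\n... Login incorrect ...\r\n"),
    "ack_only_segment":   (ACK,       b"Login incorrect\r\n"),
    "leading_crlf":       (PSH | ACK, b"\r\nLogin incorrect\r\n"),
}

def evaluate():
    """Return {sample: (old_rule_fires, new_rule_fires)}."""
    return {name: (matches(OLD, f, p), matches(NEW, f, p))
            for name, (f, p) in SAMPLES.items()}

if __name__ == "__main__":
    for name, (old, new) in evaluate().items():
        print(f"{name:20s} old={old!s:5s} new={new}")
```

The hex content decodes to the same 15 bytes as the original string, so the tightening comes from flags:PA and depth:15; with a 15-byte pattern, depth:15 matches only when the string starts at payload offset 0.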