[Snort-users] A rule for telnet commands

posts posts at ...7765...
Mon Dec 16 11:51:05 EST 2002

I would like to write a rule for a specific telnet command (like the Cisco "enable" command for example).

But since telnet commands seem to be transmitted a character at a time, a simple (...content:"enable";...) option will not work, so it seems that some reassembly is required.

Is it possible to write a rule to catch a specific telnet command?... and if so how?
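
The problem described above, as an added example that is not part of the original post and is not Snort code or rule syntax: a per-packet content match misses a command typed one character per packet, while matching on the reassembled client stream finds it. The function names and the sample payloads are constructed for illustration; the sketch assumes client-to-server payloads arrive in order with no retransmissions and no backspace editing.

```python
import re

IAC, SB, SE = 255, 250, 240   # Telnet command bytes (RFC 854)

def strip_telnet_negotiation(data: bytes) -> bytes:
    """Drop IAC option negotiation so only the typed characters remain."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif i + 1 >= len(data):
            break                           # truncated IAC at end of buffer
        elif data[i + 1] == IAC:            # escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif data[i + 1] == SB:             # subnegotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        elif 251 <= data[i + 1] <= 254:     # WILL/WONT/DO/DONT + option byte
            i += 3
        else:                               # any other two-byte command
            i += 2
    return bytes(out)

def per_packet_match(payloads, command: bytes) -> bool:
    """What a plain content match does: look inside each packet alone."""
    return any(command in p for p in payloads)

def typed_lines(payloads):
    """Reassemble the client side of the session and split it into lines."""
    stream = strip_telnet_negotiation(b"".join(payloads))
    lines = re.split(rb"\r\n|\r\x00|\n|\r", stream)   # Telnet line endings
    return [ln.strip() for ln in lines if ln.strip()]

def stream_match(payloads, command: bytes) -> bool:
    """Match the command as a whole typed line in the reassembled stream."""
    return command in typed_lines(payloads)

# Constructed sample: two option negotiations, then one keystroke per packet.
SAMPLE = [bytes([IAC, 251, 24]), bytes([IAC, 253, 1])]
SAMPLE += [bytes([c]) for c in b"enable\r\nshow version\r\n"]

if __name__ == "__main__":
    print("per-packet:", per_packet_match(SAMPLE, b"enable"))
    print("reassembled:", stream_match(SAMPLE, b"enable"))
```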

