[Snort-users] A rule for telnet commands

Neal Werner neals-posts at ...7776...
Tue Dec 17 07:42:34 EST 2002


I would like to write a rule for a specific telnet command (like the Cisco "enable" command for example).

But since telnet commands seem to be transmitted a character at a time, a simple (...content:"enable";...) option will not work, so it seems that some reassembly is required.

Is it possible to write a rule to catch a specific telnet command?... and if so how?


Thanks in advance...
-Neal
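
The problem described above, as an added example that is not part of the original post and is not Snort code: a per-packet match for "enable" sees nothing when each key arrives in its own segment, while a line-level reassembly of the client-to-server bytes recovers the command. The class and function names are hypothetical and the segment list is constructed sample data.

```python
IAC, SB, SE = 0xFF, 0xFA, 0xF0
NEGOTIATE = {0xFB, 0xFC, 0xFD, 0xFE}   # WILL, WONT, DO, DONT: one option byte follows

class TelnetLineReassembler:
    """Rebuild typed lines from one client-to-server telnet byte stream."""
    def __init__(self):
        self.state = "data"            # data | iac | opt | sb | sb_iac
        self.line = bytearray()

    def feed(self, payload):
        """Consume one TCP segment payload; return the lines it completed."""
        done = []
        for b in payload:
            if self.state == "data":
                if b == IAC:
                    self.state = "iac"
                elif b in (0x08, 0x7F):            # backspace/delete edits the line
                    del self.line[-1:]
                elif b in (0x0D, 0x0A):            # CR or LF ends the command
                    if self.line:
                        done.append(self.line.decode("latin-1"))
                    self.line.clear()
                elif b != 0x00:                    # ignore the NUL of CR NUL
                    self.line.append(b)
            elif self.state == "iac":
                if b == IAC:                       # IAC IAC is a literal 0xFF
                    self.line.append(b)
                self.state = {SB: "sb"}.get(b, "opt" if b in NEGOTIATE else "data")
            elif self.state == "opt":
                self.state = "data"                # option byte consumed
            elif self.state == "sb":
                self.state = "sb_iac" if b == IAC else "sb"
            else:                                  # sb_iac: IAC SE ends subnegotiation
                self.state = "data" if b == SE else "sb"
        return done

def per_packet_hits(segments, needle):
    """What a per-packet content match sees: segments holding the whole string."""
    return [s for s in segments if needle in s]

def stream_hits(segments, command):
    """Reassembled lines whose first word is the command."""
    r = TelnetLineReassembler()
    return [line for s in segments for line in r.feed(s) if line.split()[:1] == [command]]

# Constructed sample: option negotiation split over two segments, then "enable"
# typed one key per segment with a corrected typo, then a second command.
SEGMENTS = [b"\xff", b"\xfb\x18", b"e", b"n", b"a", b"b", b"e", b"\x08",
            b"l", b"e", b"\r\n", b"show version\r\n"]

if __name__ == "__main__":
    print(per_packet_hits(SEGMENTS, b"enable"), stream_hits(SEGMENTS, "enable"))
```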
