[Snort-users] A rule for telnet commands

Neal Werner neals-posts at ...7776...
Tue Dec 17 07:42:34 EST 2002

I would like to write a rule for a specific telnet command (like the Cisco "enable" command for example).

But since telnet commands seem to be transmitted a character at a time, a simple (...content:"enable";...) option will not work, so it seems that some reassembly is required.

Is it possible to write a rule to catch a specific telnet command?... and if so how?

Thanks in advance...
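
Added example, not part of the original post and not Snort code: a Python sketch of the reassembly the question describes, buffering client-to-server telnet bytes per flow, dropping IAC negotiation, applying backspaces, and matching the command only once a line is complete. The function names, flow key and captured segments are constructed for illustration, and payloads are assumed to arrive in sequence order.

```python
IAC, SB, SE = 255, 250, 240  # telnet protocol bytes (RFC 854)

def strip_telnet(data, state):
    """Drop IAC negotiation bytes; `state` carries the parser mode across segments."""
    out = bytearray()
    for b in data:
        mode = state.get("mode", "data")
        if mode == "data":
            if b == IAC:
                state["mode"] = "iac"
            else:
                out.append(b)
        elif mode == "iac":
            if b == IAC:                 # escaped literal 0xFF
                out.append(b)
            # SB opens a subnegotiation; WILL/WONT/DO/DONT (251-254) take one option byte
            state["mode"] = "sb" if b == SB else "opt" if 251 <= b <= 254 else "data"
        elif mode == "opt":
            state["mode"] = "data"
        elif mode == "sb":
            state["mode"] = "sb_iac" if b == IAC else "sb"
        else:                            # "sb_iac": IAC SE ends the subnegotiation
            state["mode"] = "data" if b == SE else "sb"
    return bytes(out)

def feed(flows, flow, payload, command):
    """Feed one in-order client-to-server payload; return completed lines that match."""
    state, line = flows.setdefault(flow, ({}, bytearray()))
    hits = []
    for b in strip_telnet(payload, state):
        if b in (8, 127):                # backspace/delete edits the typed line
            del line[-1:]
        elif b in (10, 13):              # CR or LF completes the line
            words = line.decode("latin-1").lower().split()
            if words and words[0] == command:
                hits.append(" ".join(words))
            line.clear()
        elif b:                          # skip the NUL that can follow CR
            line.append(b)
    return hits

# Constructed capture: option negotiation, then one keystroke per segment with a typo fix.
SEGMENTS = [b"\xff\xfd\x01", b"e", b"n", b"a", b"x", b"\x08", b"b", b"l", b"e", b"\r\n"]
FLOW = ("10.0.0.5", 1025, "10.0.0.1", 23)  # constructed flow key

def reassembled_match(segments, command="enable"):
    flows = {}
    return [h for s in segments for h in feed(flows, FLOW, s, command)]
```

No single segment in the constructed capture contains the string "enable", so a per-packet content match misses it, while the per-flow line buffer reports it once the carriage return arrives.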
