[Snort-users] A rule for telnet commands
neals-posts at ...7776...
Tue Dec 17 07:42:34 EST 2002
I would like to write a rule for a specific telnet command (like the Cisco "enable" command for example).
But since telnet commands seem to be transmitted a character at a time, a simple (...content:"enable";...) option will not work, so it seems that some reassembly is required.
Is it possible to write a rule to catch a specific telnet command? And if so, how?
Thanks in advance...
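The problem described in the post above, as an added Python illustration that is not part of the original message and is not Snort code: a constructed telnet session sent one character per packet defeats a per-packet content match, while matching on the reassembled stream finds the command. The function names are hypothetical, and the payloads are assumed to be one flow's client-to-server data in sequence order (no backspace or line-editing handling).

```python
import re

IAC, SB, SE = 0xFF, 0xFA, 0xF0
NEGOTIATE = {0xFB, 0xFC, 0xFD, 0xFE}  # WILL, WONT, DO, DONT

def strip_telnet_options(data: bytes) -> bytes:
    """Remove telnet IAC sequences so only the typed bytes remain."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif i + 1 >= len(data):
            break                      # truncated IAC at end of buffer
        elif data[i + 1] == IAC:
            out.append(IAC)            # IAC IAC is an escaped literal 0xFF
            i += 2
        elif data[i + 1] in NEGOTIATE:
            i += 3                     # IAC <verb> <option>
        elif data[i + 1] == SB:        # subnegotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        else:
            i += 2                     # other two-byte commands, e.g. IAC NOP
    return bytes(out)

def per_packet_hits(payloads, keyword: bytes):
    """What a single-packet content match sees: each payload on its own."""
    return [p for p in payloads if keyword in p]

def reassembled_commands(payloads):
    """Join payloads in order, drop option bytes, split on telnet line ends."""
    stream = strip_telnet_options(b"".join(payloads))
    lines = re.split(rb"\r[\n\x00]?|\n", stream)
    return [l.decode("ascii", "replace").strip() for l in lines if l.strip()]

def command_seen(payloads, command: str) -> bool:
    """True if any reassembled line starts with exactly this command word."""
    return any(line.split()[:1] == [command]
               for line in reassembled_commands(payloads))

# Constructed sample: one option negotiation, then two commands typed
# one character per packet, as character-at-a-time telnet sends them.
SESSION = ([bytes([IAC, 0xFD, 0x03])]
           + [bytes([c]) for c in b"enable\r\n"]
           + [bytes([c]) for c in b"show version\r\n"])

if __name__ == "__main__":
    print("per-packet hits:", per_packet_hits(SESSION, b"enable"))
    print("reassembled    :", reassembled_commands(SESSION))
```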