[Snort-users] Snort Alert Content Telnet
kaihansen at ...7874...
Thu Apr 17 09:53:05 EDT 2003
I'm trying to catch content on telnet packets, but I have some problems.
I've tried this rule:
alert tcp any any -> any 23 (msg "TEST"; content "test"; rawbytes;
Then I try to telnet to my router and issue the test command, but there
isn't any alarm ...
If I "invert" the rule:
alert tcp any 23 -> any any (msg "TEST"; content "test"; rawbytes;
when the router replies with "Translating error for test"
then snort sends an alarm ...
I've tried tcpdump on the same interface where snort works, and
the packets come in correctly ...
I don't know why ... any idea? I'm using snort 1.9.1
PS: sorry for duplicates ....