[Snort-users] Need help with telnet
sepehr.ha at ...11827...
Sun Dec 25 03:26:01 EST 2016
I have a problem with the telnet commands that the user is typing.
The server to client is ok, and I successfully get the alert with incoming
packets from the server, which I can drop.
The problem starts with telnet behavior, which sends every character one by
With stream5 I managed to get it to work, but I get the alert after cmd
What I want is to prevent the cmd from executing (IPS) and drop the packet
before it is executed.
For example: every time a user tries to execute the "net user" cmd, I want to drop
the connection before the cmd is executed on the server.
Is there any configuration for this purpose with stream5 or the ftp/telnet
processors, or any other configuration/rule?
I read the entire docs, maybe I can't find it!!?