Feature #691

closed

RF: Telnet decoding protocol over Suricata

Added by rmkml rmkml over 11 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee: -
Target version: -
Effort:
Difficulty:
Label:

Description

Hi,

First, congratulations on the hard work with the latest Suricata v1.4!

I'm continuing my testing, and I have a feature request: when I use content with depth, it causes an FN, like this:

alert tcp any any -> any 23 (msg:"TELNET root test"; flow:to_server,established; content:"root"; nocase; depth:4; offset:0; classtype:attempted-admin; sid:1; rev:1;)

Tested with a real Linux "telnet" client, typing "r"+"o"+"o"+"t" as the login.

-> FN because Suricata does not decode the telnet record options, which causes a wrong "offset".
Do you have telnet decoding planned for a future version, please?

Snort fires on the same test.

Best Regards
Rmkml
http://twitter.com/rmkml
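
The effect described in the report above, as an added example that is not part of the ticket and is not Suricata or Snort code: when the to_server stream starts with telnet option negotiation, the first four raw bytes are IAC commands, so a content match with offset:0 and depth:4 only sees "root" after the IAC sequences (RFC 854) are removed. The helpers strip_telnet, content_match and compare are hypothetical names, the segment bytes are constructed sample data, and the matcher is a simplified single-buffer model of content/offset/depth.

```python
# Added illustration, not Suricata code. Telnet command bytes are from RFC 854.
IAC, SE, SB = 0xFF, 0xF0, 0xFA
NEGOTIATE = {0xFB, 0xFC, 0xFD, 0xFE}  # WILL, WONT, DO, DONT

def strip_telnet(data: bytes) -> bytes:
    """Hypothetical helper: drop telnet commands, keep application data."""
    out, i, n = bytearray(), 0, len(data)
    while i < n:
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif i + 1 >= n:                 # lone IAC at end of buffer
            break
        elif data[i + 1] == IAC:         # IAC IAC is an escaped 0xFF data byte
            out.append(IAC)
            i += 2
        elif data[i + 1] in NEGOTIATE:   # IAC <verb> <option>
            i += 3
        elif data[i + 1] == SB:          # IAC SB ... IAC SE
            j = i + 2
            while j + 1 < n and not (data[j] == IAC and data[j + 1] == SE):
                j += 2 if data[j] == IAC else 1
            i = j + 2 if j + 1 < n else n
        else:                            # other two-byte commands (NOP, GA, ...)
            i += 2
    return bytes(out)

def content_match(buf, pattern, offset=0, depth=None, nocase=False):
    """Simplified model of content/offset/depth/nocase on one buffer."""
    window = buf[offset:] if depth is None else buf[offset:offset + depth]
    if nocase:
        window, pattern = window.lower(), pattern.lower()
    return pattern in window

# Constructed to_server segments: option negotiation, then one key per segment.
SEGMENTS = [
    bytes([IAC, 0xFB, 0x18, IAC, 0xFB, 0x1F]),        # WILL TERMINAL-TYPE, WILL NAWS
    bytes([IAC, SB, 0x1F, 0, 80, 0, 24, IAC, SE]),    # NAWS 80x24
    b"r", b"o", b"o", b"t", b"\r\n",
]
STREAM = b"".join(SEGMENTS)

def compare():
    """Return (match on raw stream, match after telnet decoding)."""
    raw = content_match(STREAM, b"root", offset=0, depth=4, nocase=True)
    decoded = content_match(strip_telnet(STREAM), b"root", offset=0, depth=4, nocase=True)
    return raw, decoded

if __name__ == "__main__":
    print(compare())
```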

Actions #1

Updated by Anoop Saldanha over 11 years ago

The FN has nothing to do with decoding telnet protocol, afai see it.

Can you attach your pcap?

Actions #2

Updated by Victor Julien over 10 years ago

  • Target version set to TBD
Actions #3

Updated by Andreas Herz over 8 years ago

  • Assignee set to Anonymous
Actions #4

Updated by Andreas Herz almost 7 years ago

  • Status changed from New to Closed

Reopen with an attached pcap please.

Actions #5

Updated by Victor Julien over 6 years ago

  • Target version deleted (TBD)