Feature #691
RF: Telnet decoding protocol over Suricata
Status: Closed
Priority: Normal
Assignee: -
Target version: -
Description
Hi,
First, congratulations on the hard work with the latest Suricata v1.4!
I'm continuing my testing, and I have a feature request: when I use content with depth, it causes an FN, like this:
alert tcp any any -> any 23 (msg:"TELNET root test"; flow:to_server,established;
content:"root"; nocase; depth:4; offset:0; classtype:attempted-admin; sid:1; rev:1; )
Tested with a real Linux "telnet" client, typing "r"+"o"+"o"+"t" as the login
-> FN because Suricata does not decode the telnet record options, which causes a wrong "offset".
Do you have telnet decoding planned for a future version, please?
Snort fire on same test.
Best Regards
Rmkml
http://twitter.com/rmkml
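An added example, not part of the ticket and not Suricata code: it shows how Telnet option negotiation (RFC 854 IAC sequences) can occupy the first bytes of a client stream, and what a depth:4, offset:0 window sees before and after those sequences are stripped. The byte stream is constructed (the ticket has no pcap attached), and strip_telnet and content_match are hypothetical helpers that model the matching only, not Suricata's engine.

```python
# Added illustration, not Suricata code. Telnet command bytes per RFC 854.
IAC, SB, SE = 0xFF, 0xFA, 0xF0
NEGOTIATION = {0xFB, 0xFC, 0xFD, 0xFE}  # WILL, WONT, DO, DONT
# Constructed to_server stream: option negotiation, then the typed login.
CLIENT_STREAM = bytes([
    0xFF, 0xFD, 0x03,  # IAC DO SUPPRESS-GO-AHEAD
    0xFF, 0xFB, 0x18,  # IAC WILL TERMINAL-TYPE
    0xFF, 0xFB, 0x1F,  # IAC WILL NAWS
    0xFF, 0xFA, 0x1F, 0x00, 0x50, 0x00, 0x18, 0xFF, 0xF0,  # IAC SB NAWS 80x24 IAC SE
]) + b"root\r\n"


def strip_telnet(data):
    """Return only the user data, dropping IAC command sequences."""
    out = bytearray()
    i, n = 0, len(data)
    while i < n:
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif i + 1 >= n:            # truncated command at end of buffer
            break
        elif data[i + 1] == IAC:    # IAC IAC is an escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif data[i + 1] in NEGOTIATION:  # IAC WILL/WONT/DO/DONT <option>
            i += 3
        elif data[i + 1] == SB:     # skip to the closing IAC SE
            j = i + 2
            while j + 1 < n and not (data[j] == IAC and data[j + 1] == SE):
                j += 2 if data[j] == IAC else 1
            i = j + 2
        else:                       # other two-byte commands (NOP, GA, ...)
            i += 2
    return bytes(out)


def content_match(payload, content, offset=0, depth=None, nocase=False):
    """Simplified model of content/offset/depth: search one byte window."""
    end = len(payload) if depth is None else offset + depth
    window = payload[offset:end]
    if nocase:
        window, content = window.lower(), content.lower()
    return content in window


if __name__ == "__main__":
    for label, buf in (("raw", CLIENT_STREAM), ("stripped", strip_telnet(CLIENT_STREAM))):
        print(label, buf[:4], content_match(buf, b"root", 0, 4, nocase=True))
```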
Updated by Anoop Saldanha over 11 years ago
The FN has nothing to do with decoding telnet protocol, as far as I see it.
Can you attach your pcap?
Updated by Andreas Herz almost 7 years ago
- Status changed from New to Closed
Reopen with an attached pcap please.