Feature #691
RF: Telnet decoding protocol over Suricata
Status: Closed
Priority: Normal
Assignee: -
Target version: -
Description
Hi,
First, congratulations on the hard work with the latest Suricata v1.4!
I'm continuing my testing, and I have a feature request: when I use content with depth, it causes a FN, like this:
alert tcp any any -> any 23 (msg:"TELNET root test"; flow:to_server,established;
content:"root"; nocase; depth:4; offset:0; classtype:attempted-admin; sid:1; rev:1; )
Tested with a real Linux "telnet" client, typing "r"+"o"+"o"+"t" as the login.
-> FN because Suricata does not decode the telnet record options, causing a wrong "offset".
Do you have telnet decoding planned for a future version, please?
Snort fires on the same test.
Best Regards
Rmkml
http://twitter.com/rmkml
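The effect described in the report, as an added example that is not part of the original ticket or of Suricata's code: Telnet (RFC 854) command sequences in the to_server stream shift the user data away from offset 0, so an offset/depth match on the raw bytes misses, while the same match on the stream with commands stripped hits. The byte stream below is constructed, and the names `strip_telnet_commands` and `content_match` are hypothetical.

```python
# Added example: normalise a reassembled Telnet to_server stream before an
# offset/depth content match. Command values are from RFC 854.
IAC, SB, SE = 255, 250, 240
NEGOTIATION = {251, 252, 253, 254}  # WILL, WONT, DO, DONT: one option byte follows


def strip_telnet_commands(stream: bytes) -> bytes:
    """Return only the user data carried in a Telnet byte stream."""
    out, i, n = bytearray(), 0, len(stream)
    while i < n:
        if stream[i] != IAC:
            out.append(stream[i])
            i += 1
            continue
        if i + 1 >= n:                 # truncated command at end of buffer
            break
        cmd = stream[i + 1]
        if cmd == IAC:                 # IAC IAC is an escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif cmd in NEGOTIATION:       # IAC, verb, option
            i += 3
        elif cmd == SB:                # subnegotiation runs until IAC SE
            j = i + 2
            while j + 1 < n and not (stream[j] == IAC and stream[j + 1] == SE):
                j += 2 if stream[j] == IAC else 1  # step over IAC IAC inside SB
            i = j + 2                  # past IAC SE, or past the end if unterminated
        else:                          # two-byte command such as NOP or GA
            i += 2
    return bytes(out)


def content_match(payload: bytes, pattern: bytes, offset: int, depth: int) -> bool:
    """Case-insensitive search limited to payload[offset:offset+depth]."""
    return pattern.lower() in payload[offset:offset + depth].lower()


# Constructed client-to-server segments: option negotiation, then a login
# typed one character per segment, as in the test described in the report.
SEGMENTS = [
    bytes([IAC, 253, 3]),                                      # DO SUPPRESS-GO-AHEAD
    bytes([IAC, 251, 24]),                                     # WILL TERMINAL-TYPE
    bytes([IAC, SB, 24, 0]) + b"xterm" + bytes([IAC, SE]),     # SB TERMINAL-TYPE IS
    b"r", b"o", b"o", b"t", b"\r\n",
]
RAW = b"".join(SEGMENTS)

if __name__ == "__main__":
    print("raw stream match:       ", content_match(RAW, b"root", 0, 4))
    print("normalised stream match:", content_match(strip_telnet_commands(RAW), b"root", 0, 4))
```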