Feature #691

closed

RF: Telnet decoding protocol over Suricata

Added by rmkml rmkml over 11 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee: -
Target version: -
Effort:
Difficulty:
Label:

Description

Hi,

First, congratulations on the hard work with the latest Suricata v1.4!

I'm continuing my testing, and I have a feature request: when I use content with depth, it causes an FN like this:

alert tcp any any -> any 23 (msg:"TELNET root test"; flow:to_server,established; content:"root"; nocase; depth:4; offset:0; classtype:attempted-admin; sid:1; rev:1; )

Tested with a real Linux "telnet" client, typing "r"+"o"+"o"+"t" as the login.

-> FN because Suricata does not decode the telnet record options, causing a wrong "offset".
Do you have telnet decoding planned for a future version, please?

Snort fires on the same test.

Best Regards
Rmkml
http://twitter.com/rmkml
