[Oisf-devel] Telnet decoding protocol w depth over Suricata question
rmkml
rmkml at yahoo.fr
Sun Dec 16 02:59:19 UTC 2012
Hi,
First, congratulations on the hard work on the latest Suricata v1.4!
I'm continuing my testing, and I have a question: when I use content with depth, it causes an FN, like this:
alert tcp any any -> any 23 (msg:"TELNET root test"; flow:to_server,established; content:"root"; nocase; depth:4; offset:0; classtype:attempted-admin; sid:1; rev:1; )
Tested with a real Linux "telnet" client, typing "r"+"o"+"o"+"t" as the login
-> FN, because Suricata does not decode the telnet record options, which causes a wrong "offset".
Do you have telnet decoding planned for a future version, please?
Snort fires on the same test.
Best Regards
Rmkml
http://twitter.com/rmkml
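
The miss reported in this message, as an added example that is not part of the original post and is not Suricata or Snort code: Telnet option bytes at the start of the client stream push "root" outside a depth:4 window, and stripping them per RFC 854 brings it back to offset 0. The byte stream is constructed, `strip_telnet_commands` and `content_match` are hypothetical names, and `content_match` is a simplified model of the content/offset/depth keywords.

```python
IAC, SB, SE = 0xFF, 0xFA, 0xF0           # RFC 854 command bytes
NEGOTIATION = {0xFB, 0xFC, 0xFD, 0xFE}   # WILL, WONT, DO, DONT

def strip_telnet_commands(stream: bytes) -> bytes:
    """Return only the user data from one direction of a Telnet stream."""
    out, i, n = bytearray(), 0, len(stream)
    while i < n:
        if stream[i] != IAC:              # ordinary data byte
            out.append(stream[i])
            i += 1
            continue
        if i + 1 >= n:                    # command truncated at buffer end
            break
        cmd = stream[i + 1]
        if cmd == IAC:                    # IAC IAC is an escaped 0xFF data byte
            out.append(IAC)
            i += 2
        elif cmd in NEGOTIATION:          # IAC <verb> <option>
            i += 3
        elif cmd == SB:                   # subnegotiation ends at IAC SE
            j = i + 2
            while j + 1 < n and not (stream[j] == IAC and stream[j + 1] == SE):
                j += 2 if stream[j] == IAC else 1   # step over escaped IAC pairs
            if j + 1 >= n:                # unterminated subnegotiation
                break
            i = j + 2
        else:                             # other two-byte commands (NOP, GA, ...)
            i += 2
    return bytes(out)

def content_match(buf, pattern, offset=0, depth=None, nocase=False):
    """Simplified model of content/offset/depth: pattern must lie inside the window."""
    window = buf[offset:] if depth is None else buf[offset:offset + depth]
    if nocase:
        window, pattern = window.lower(), pattern.lower()
    return pattern in window

# Constructed client-to-server bytes: IAC WILL TERMINAL-TYPE, IAC WILL NAWS,
# IAC SB NAWS 80x24 IAC SE, then the typed login.
SAMPLE = bytes.fromhex("fffb18fffb1ffffa1f00500018fff0") + b"root\r\n"

if __name__ == "__main__":
    raw = content_match(SAMPLE, b"root", offset=0, depth=4, nocase=True)
    norm = content_match(strip_telnet_commands(SAMPLE), b"root", offset=0, depth=4, nocase=True)
    print("raw stream match:", raw)
    print("normalized stream match:", norm)
```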