Date: Sun, 11 Mar 2007 08:15:35 +0100 (CET) From: Wojciech Puchar <wojtek@tensor.gdynia.pl> To: alex@schnarff.com Cc: freebsd-questions@freebsd.org Subject: Re: root login with telnetd Message-ID: <20070311081449.V66000@chylonia.3miasto.net> In-Reply-To: <20070310191814.l15cskkoqsgsosks@mail.schnarff.com> References: <20070310224946.K10353@chylonia.3miasto.net> <200703101338.22384.beech@alaskaparadise.com> <20070310191814.l15cskkoqsgsosks@mail.schnarff.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> alert tcp $TELNET_SERVERS 23 -> $EXTERNAL_NET any (msg:"TELNET root login"; > flow > :from_server,established; content:"login|3A| root"; > classtype:suspicious-login; > sid:719; rev:7;) > could you please tell me who will be snorting it on MY network? > Of course, if you really want to do this, I agree with everyone else -- just > put your IP on this list, and we'll help you right on out. :-) > just answer my question, you VIM (very intelligent man).
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070311081449.V66000>