
List:       snort-users
Subject:    Re: [Snort-users] Re: Need help with telnet
From:       "Joel Esler (jesler)" <jesler () cisco ! com>
Date:       2016-12-25 16:40:13
Message-ID: FBABA223-7A7C-4CFA-9D94-38C88D12A71B () cisco ! com

It is a generally accepted practice to speak English on this list.

--
Sent from my iPhone

On Dec 25, 2016, at 5:48 AM, eagleliujin <eagleliujin@163.com> wrote:


I am sorry, I can't exactly understand you. I don't know your problem. Could you please speak Chinese?

On December 25, 2016, at 4:28 PM, sepehr hashtroudilar <sepehr.ha@gmail.com> wrote:

Hi,
I have a problem with the telnet commands that the user is typing.
The server to client is OK, and I successfully get the alert with incoming packets from the server, which I can drop. The problem starts with telnet behavior, which sends every character one by one. With stream5 I managed to get it to work, but I get the alert after the cmd is executed. What I want is to prevent the cmd from execution (IPS) and drop the packet before it is executed.

For example: I want, every time a user tries to execute the "net user" cmd, to drop the connection before the cmd is executed on the server. Is there any configuration for this purpose with stream5 or the ftp/telnet processors, or any other configuration/rule? I read the entire docs, maybe I can't find it!!?
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

