root login with telnetd

Wojciech Puchar wojtek at
Sun Mar 11 07:41:28 UTC 2007

> alert tcp $TELNET_SERVERS 23 -> $EXTERNAL_NET any (msg:"TELNET root login"; 
> flow
> :from_server,established; content:"login|3A| root"; 
> classtype:suspicious-login;
> sid:719; rev:7;)

could you please tell me who will be snorting it on MY network?

> Of course, if you really want to do this, I agree with everyone else -- just 
> put your IP on this list, and we'll help you right on out. :-)
just answer my question, you VIM (very intelligent man).

More information about the freebsd-questions mailing list