diff options
Diffstat (limited to 'src/usr/local/share/protocols/telnet.pat')
| -rw-r--r-- | src/usr/local/share/protocols/telnet.pat | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/usr/local/share/protocols/telnet.pat b/src/usr/local/share/protocols/telnet.pat new file mode 100644 index 0000000..cf10d0e --- /dev/null +++ b/src/usr/local/share/protocols/telnet.pat @@ -0,0 +1,16 @@ +# Telnet - Insecure remote login - RFC 854 +# Pattern attributes: good veryfast fast +# Protocol groups: remote_access obsolete ietf_internet_standard +# Wiki: http://www.protocolinfo.org/wiki/Telnet +# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE +# +# Usually runs on port 23 +# +# This pattern is lightly tested. + +telnet +# Matches at least three IAC (Do|Will|Don't|Won't) commands in a row. +# My telnet client sends 9 when I connect, so this should be fine. +# This pattern could fail on a unchatty connection or it could be +# matched by something non-telnet spewing a lot of stuff in the fb-ff range. +^\xff[\xfb-\xfe].\xff[\xfb-\xfe].\xff[\xfb-\xfe] |
