diff options
Diffstat (limited to 'usr/local/share/protocols/telnet.pat')
| -rw-r--r-- | usr/local/share/protocols/telnet.pat | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/usr/local/share/protocols/telnet.pat b/usr/local/share/protocols/telnet.pat new file mode 100644 index 0000000..a93d17d --- /dev/null +++ b/usr/local/share/protocols/telnet.pat @@ -0,0 +1,15 @@ +# Telnet - Insecure remote login - RFC 854 +# Pattern attributes: good veryfast fast +# Protocol groups: remote_access obsolete ietf_internet_standard +# Wiki: http://www.protocolinfo.org/wiki/Telnet +# +# Usually runs on port 23 +# +# This pattern is lightly tested. + +telnet +# Matches at least three IAC (Do|Will|Don't|Won't) commands in a row. +# My telnet client sends 9 when I connect, so this should be fine. +# This pattern could fail on a unchatty connection or it could be +# matched by something non-telnet spewing a lot of stuff in the fb-ff range. +^\xff[\xfb-\xfe].\xff[\xfb-\xfe].\xff[\xfb-\xfe] |
