blob: cf10d0e13c8a75e20fe7ca42082bcdd64a80f34e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
# Telnet - Insecure remote login - RFC 854
# Pattern attributes: good veryfast fast
# Protocol groups: remote_access obsolete ietf_internet_standard
# Wiki: http://www.protocolinfo.org/wiki/Telnet
# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
#
# Usually runs on port 23
#
# This pattern is lightly tested.
telnet
# Matches at least three IAC (Do|Will|Don't|Won't) commands in a row.
# My telnet client sends 9 when I connect, so this should be fine.
# This pattern could fail on a unchatty connection or it could be
# matched by something non-telnet spewing a lot of stuff in the fb-ff range.
^\xff[\xfb-\xfe].\xff[\xfb-\xfe].\xff[\xfb-\xfe]
|
