1
# Telnet - Insecure remote login - RFC 854
2
# Pattern quality: good veryfast
3
# Usually runs on port 23
5
# This pattern is lightly tested. If it does not work for you, or you
6
# believe it could be improved, please post to
7
# l7-filter-developers@lists.sf.net . This list may be subscribed to at
8
# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers
11
# Matches at least three IAC (Do|Will|Don't|Won't) commands in a row.
12
# My telnet client sends 9 when I connect, so this should be fine.
13
# This pattern could fail on a unchatty connection or it could be
14
# matched by something non-telnet spewing a lot of stuff in the fb-ff range.
15
^\xff[\xfb-\xfe].\xff[\xfb-\xfe].\xff[\xfb-\xfe]