1# Telnet - Insecure remote login - RFC 854 2# Pattern attributes: good veryfast fast 3# Protocol groups: remote_access obsolete ietf_internet_standard 4# Wiki: http://www.protocolinfo.org/wiki/Telnet 5# 6# Usually runs on port 23 7# 8# This pattern is lightly tested. 9 10telnet 11# Matches at least three IAC (Do|Will|Don't|Won't) commands in a row. 12# My telnet client sends 9 when I connect, so this should be fine. 13# This pattern could fail on a unchatty connection or it could be 14# matched by something non-telnet spewing a lot of stuff in the fb-ff range. 15^\xff[\xfb-\xfe].\xff[\xfb-\xfe].\xff[\xfb-\xfe] 16