1# NNTP - Network News Transfer Protocol - RFCs 977 and 2980 2# Pattern attributes: good veryfast fast 3# Protocol groups: ietf_proposed_standard 4# Wiki: http://www.protocolinfo.org/wiki/NNTP 5# 6# usually runs on port 119 7 8# This pattern is tested and is believed to work well (but could use 9# more testing). 10 11nntp 12# matches authorized login 13# OR 14# matches unauthorized login if the server says "news" after 200/201 15# (Half of the 2 servers I tested did :-), but they both required authorization 16# so it's quite possible that this pattern will miss some nntp traffic.) 17^(20[01][\x09-\x0d -~]*AUTHINFO USER|20[01][\x09-\x0d -~]*news) 18 19# same thing, slightly more accurate, but 100+ times slower 20#^20[01][\x09-\x0d -~]*\x0d\x0a[\x09-\x0d -~]*AUTHINFO USER|20[01][\x09-\x0d -~]*news 21