|
1
|
# NNTP - Network News Transfer Protocol - RFCs 977 and 2980
|
|
2
|
# Pattern attributes: good fast fast
|
|
3
|
# Protocol groups: ietf_proposed_standard
|
|
4
|
# Wiki: http://www.protocolinfo.org/wiki/NNTP
|
|
5
|
# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
|
|
6
|
#
|
|
7
|
# usually runs on port 119
|
|
8
|
|
|
9
|
# This pattern is tested and is believed to work well (but could use
|
|
10
|
# more testing).
|
|
11
|
|
|
12
|
nntp
|
|
13
|
# matches authorized login
|
|
14
|
# OR
|
|
15
|
# matches unauthorized login if the server says "news" after 200/201
|
|
16
|
# (Half of the 2 servers I tested did :-), but they both required authorization
|
|
17
|
# so it's quite possible that this pattern will miss some nntp traffic.)
|
|
18
|
^(20[01][\x09-\x0d -~]*AUTHINFO USER|20[01][\x09-\x0d -~]*news)
|
|
19
|
|
|
20
|
# same thing, slightly more accurate, but 100+ times slower
|
|
21
|
#^20[01][\x09-\x0d -~]*\x0d\x0a[\x09-\x0d -~]*AUTHINFO USER|20[01][\x09-\x0d -~]*news
|