no alert in http tunnel

["SW" <samwun () onebb net>]

 Dear all,
 
 I heard that snort 1.8.2 can be configured to catch
 httptunnel with remote
 login (eg. telnet thru http tunnel), it should produce
 the following false
 posstive:
       [**] WEB-MISC whisker splice attack [**]
 but as far as I known, default rule configuration does
 not produce the above
 signature with snort 1.8.2, it just keep silent. This
 is same as snort 1.9.

 Does anyone know how to configure snort to catch
 httptunnel with remote
 telnet?
 
 Thanks
 Sam