Snort mailing list archives

alert logging of non local lan SSH connections.


From: "Travis Farmer" <travis5765 () hotmail com>
Date: Tue, 18 Sep 2001 10:59:30 -0400

Ok, here's the deal. My server sits in a closet along with some other network equipment. This way it's out of the way. Now rather than pulling up a chair in the closet every time I need to do something, I use SSH. Lately I have been getting hundreds of hits a day to my telnet server. I figured it must be a script kiddy, as not many people can type random logins that fast. I don't use telnet, so I simply shut down the service. Now that port 23 is out of the question, the script kiddy has decided to try my SSH port. All the connections are from remote IP addresses and each connection is a new address (obviously spoofing).

How do I set up an alert to log remote SSH connections (just the headers and possibly the username used, if possible)?

Any thoughts? comments? rants?

~Travis
