Snort mailing list archives

Re: SSH and telnet Login Attempt Rules

From: Frank Knobbe <frank () knobbe us>
Date: Tue, 27 Sep 2005 23:32:16 -0500

On Tue, 2005-09-27 at 21:53 -0500, Ron Jenkins wrote:

Does anyone have rules that will detect these two?


I think we got several rules that do something like you desire over at
BleedingSnort.com in the bleeding-scan.rules. May need minor tweaking
(like adjusting/removing thresholds). If you are not familiar with the
project, check it out at http://www.bleedingsnort.com

Cheers,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

SSH and telnet Login Attempt Rules Ron Jenkins (Sep 27)
- Re: SSH and telnet Login Attempt Rules Gene R Gomez (Sep 27)
- Re: SSH and telnet Login Attempt Rules Frank Knobbe (Sep 27)
- Re: SSH and telnet Login Attempt Rules Jason (Sep 27)
- <Possible follow-ups>
- RE: SSH and telnet Login Attempt Rules Ron Jenkins (Sep 27)