Snort mailing list archives
VNC Failed Login
From: sekure <sekure () gmail com>
Date: Thu, 2 Sep 2004 14:26:19 -0400
Saw a warning on isc.sans.org about brute force VNC login attempts and couldn't really find any rules to detect it, so I threw together this one: alert tcp $HOME_NET 5900 -> $EXTERNAL_NET any (msg:"VNC Failed Login"; flow:to_client,established; content:"|00 00 00 00 00 01 00 00 00 16|"; content:"Authentication|20|failure"; classtype:unsuccessful-user; sid:1000001; rev:1;) ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- VNC Failed Login sekure (Sep 02)
- Re: VNC Failed Login Frank Knobbe (Sep 02)
- Re: Re: [Snort-users] VNC Failed Login Nigel Houghton (Sep 02)
- Re: Re: [Snort-users] VNC Failed Login Jose Maria Lopez (Sep 03)
- Re: Re: [Snort-users] VNC Failed Login Nigel Houghton (Sep 02)
- snort-inline on HP-UX prabu (Sep 02)
- Re: VNC Failed Login Frank Knobbe (Sep 02)