Snort mailing list archives

RE: SSH and telnet Login Attempt Rules

From: "Ron Jenkins" <rjenkins () dibr net>
Date: Tue, 27 Sep 2005 23:21:38 -0500

Thanks...

-----Original Message-----
From: Frank Knobbe [mailto:frank () knobbe us] 
Sent: Tuesday, September 27, 2005 11:32 PM
To: Ron Jenkins
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] SSH and telnet Login Attempt Rules

On Tue, 2005-09-27 at 21:53 -0500, Ron Jenkins wrote:

Does anyone have rules that will detect these two?


I think we got several rules that do something like you desire over at
BleedingSnort.com in the bleeding-scan.rules. May need minor tweaking
(like adjusting/removing thresholds). If you are not familiar with the
project, check it out at http://www.bleedingsnort.com

Cheers,
Frank





-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

SSH and telnet Login Attempt Rules Ron Jenkins (Sep 27)
- Re: SSH and telnet Login Attempt Rules Gene R Gomez (Sep 27)
- Re: SSH and telnet Login Attempt Rules Frank Knobbe (Sep 27)
- Re: SSH and telnet Login Attempt Rules Jason (Sep 27)
- <Possible follow-ups>
- RE: SSH and telnet Login Attempt Rules Ron Jenkins (Sep 27)