Snort mailing list archives
Re: SSH and telnet Login Attempt Rules
From: Jason <security () brvenik com>
Date: Wed, 28 Sep 2005 01:46:31 -0400
Both of these should be easy to detect.

Telnet: port 23 returning /login/i
SSH: Port 22 returning /SSH/

There are tons of potential variations so a more specific use case would help.

Ron Jenkins wrote:
> Does anyone have rules that will detect these two?
>
> Thanks…
>
> Ron Jenkins (SnortCP, MCNE, CNE6, MCP, CCNA, CCEA)
> Senior Architect
> Data Integrity, LLC
> "We Integrate People with Solutions"
> 1724 Dallas Drive Suite 11
> Baton Rouge, La 70806
> Office. 225.927.8030
> Fax. 225.927.8033
> Cell. 225.931.1632
> Email. rjenkins () dibr net
> Web. http://www.dibr.net
> (Aanval Reseller and Technology Partner)
> http://www.aanval.com/tour/dibr
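The two checks suggested in the reply above, written out as Snort 2.x rules. This is an added example, not rules posted by anyone in the thread. The sids, messages, `classtype`, the `$HOME_NET`/`$EXTERNAL_NET` direction and the threshold numbers are assumptions to adapt, and `SSH-` anchored at the start of the payload is a narrower stand-in for `/SSH/`.

```snort
# Added example. sids come from the local range (>= 1000000) and are placeholders.
# flow: needs the stream preprocessor enabled so "established" can be evaluated.

# Telnet: a server on port 23 sends text containing "login" (the /login/i check).
# Caveat: the same bytes appear in "Last login:" after a successful logon and in
# "Login incorrect", so this marks telnet logon activity, not failures alone.
alert tcp $HOME_NET 23 -> $EXTERNAL_NET any ( \
    msg:"LOCAL telnet server sent login prompt"; \
    flow:from_server,established; \
    pcre:"/login/i"; \
    classtype:misc-activity; sid:1000001; rev:1;)

# SSH: a server on port 22 sends its identification string ("SSH-2.0-...").
# Assumption: the string starts the first server payload, hence depth:4.
# Caveat: the banner is sent on every connection, before any authentication,
# so this records connection attempts rather than password guesses.
alert tcp $HOME_NET 22 -> $EXTERNAL_NET any ( \
    msg:"LOCAL SSH server sent identification string"; \
    flow:from_server,established; \
    content:"SSH-"; depth:4; \
    classtype:misc-activity; sid:1000002; rev:1;)

# Variation: alert only when one client receives 5 banners within 60 seconds,
# which is closer to "repeated login attempts". The packet travels server to
# client, so the client is the destination and is tracked with by_dst.
alert tcp $HOME_NET 22 -> $EXTERNAL_NET any ( \
    msg:"LOCAL repeated SSH connections from one client"; \
    flow:from_server,established; \
    content:"SSH-"; depth:4; \
    threshold:type both, track by_dst, count 5, seconds 60; \
    classtype:attempted-recon; sid:1000003; rev:1;)
```

Load either rule 1000002 or rule 1000003, not both, unless a per-connection record alongside the rate alert is wanted.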
Current thread:
- SSH and telnet Login Attempt Rules Ron Jenkins (Sep 27)
- Re: SSH and telnet Login Attempt Rules Gene R Gomez (Sep 27)
- Re: SSH and telnet Login Attempt Rules Frank Knobbe (Sep 27)
- Re: SSH and telnet Login Attempt Rules Jason (Sep 27)
- <Possible follow-ups>
- RE: SSH and telnet Login Attempt Rules Ron Jenkins (Sep 27)