Snort mailing list archives
Re: SSH and telnet Login Attempt Rules
From: Jason <security () brvenik com>
Date: Wed, 28 Sep 2005 01:46:31 -0400
Both of these should be easy to detect. Telnet: port 23 returning /login/i SSH: Port 22 returning /SSH/ There are tons of potential variations so a more specific use case would help. Ron Jenkins wrote:
Does anyone have rules that will detect these two? Thanks… Ron Jenkins (SnortCP, MCNE, CNE6, MCP, CCNA, CCEA) Senior Architect Data Integrity, LLC "We Integrate People with Solutions" 1724 Dallas Drive Suite 11 Baton Rouge, La 70806 Office. 225.927.8030 Fax. 225.927.8033 Cell225.931.1632 Email. rjenkins () dibr net Web. http://www.dibr.net (Aanval Reseller and Technology Partner) http://www.aanval.com/tour/dibr
------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- SSH and telnet Login Attempt Rules Ron Jenkins (Sep 27)
- Re: SSH and telnet Login Attempt Rules Gene R Gomez (Sep 27)
- Re: SSH and telnet Login Attempt Rules Frank Knobbe (Sep 27)
- Re: SSH and telnet Login Attempt Rules Jason (Sep 27)
- <Possible follow-ups>
- RE: SSH and telnet Login Attempt Rules Ron Jenkins (Sep 27)