Snort mailing list archives

Re: ssh cracking


From: Jeremy Hoel <jthoel () gmail com>
Date: Sat, 11 May 2013 14:45:38 -0600

If you do a pcap of a normal login, and one that is being attempted by
the hydra tool.. are there any differences?  i.e.:  After the key
exchange, do you see anything?  Is the key different?

A signature has to be written for something that snort would pick up..
if the logins all look the same, from a tcp standpoint, then there's
no way to write a signature for that.  At least not that I know.

On Sat, May 11, 2013 at 2:27 PM, Balla István <balla.bmf () gmail com> wrote:
:D cool idea...
sorry if I wasn't clear. I'm attacking one of my VMs (which runs an ssh
server) with the hydra cracking tool. snort is between the attacking and the
attacked vm. I wonder which rule or signature detects that attack.


2013/5/11 Michael Brown <mike.a.brown09 () gmail com>

Balla

Are you saying that you want to determine what the pw is with Snort?

Thank you,

Michael A. Brown
B.S. Information Technology: Network Specialist
A.A.S. Information Technology: Technical Support

"The only thing for the triumph of evil is for good men to do nothing"
-Edmund Burke


On Sat, May 11, 2013 at 4:00 PM, Balla István <balla.bmf () gmail com> wrote:

hey guys,

could you tell me what rule is for ssh pw cracking. e.g. when using hydra
with -P xyz.lst?
thx


------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and
their applications. This 200-page book is written by three acclaimed
leaders in the field. The early access version is available now.
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
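
The comparison suggested in the reply at the top of this thread, as an added example that is not part of the original messages: once the key exchange completes the payload is encrypted, so the sketch compares only what stays visible on the wire, the cleartext SSH identification string and the rate of new connections per source. It assumes the connections to port 22 have already been extracted from the two captures; the addresses, identification strings and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the thread): one tuple per TCP connection
# to port 22 -> (seconds since capture start, source IP, first client payload).
NORMAL = [(0.0, "192.0.2.10", b"SSH-2.0-ExampleClient_1.0\r\n")]
SUSPECT = [(0.5 * i, "192.0.2.66", b"SSH-2.0-ExampleLib_0.1\r\n") for i in range(12)]

def client_ident(payload):
    """Return the cleartext SSH identification string (RFC 4253, section 4.2)."""
    for line in payload.split(b"\n"):
        if line.startswith(b"SSH-"):
            return line.rstrip(b"\r").decode("ascii", "replace")
    return None  # no identification line in this payload

def max_conns_in_window(conns, window=60.0):
    """Largest number of new connections from one source within `window` seconds."""
    by_src = defaultdict(list)
    for ts, src, _ in conns:
        by_src[src].append(ts)
    best = 0
    for times in by_src.values():
        times.sort()
        lo = 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:  # slide the window start forward
                lo += 1
            best = max(best, hi - lo + 1)
    return best

def features(conns):
    """Summarise the wire-visible properties of one capture."""
    return {
        "client_idents": sorted({client_ident(p) for _, _, p in conns} - {None}),
        "max_conns_per_src_60s": max_conns_in_window(conns),
    }

def diff_features(a, b):
    """Features whose values differ between two captures: candidates to match on."""
    fa, fb = features(a), features(b)
    return {k: (fa[k], fb[k]) for k in fa if fa[k] != fb[k]}

if __name__ == "__main__":
    for name, (normal, suspect) in diff_features(NORMAL, SUSPECT).items():
        print(f"{name}: normal={normal!r} suspect={suspect!r}")
```

An empty result from `diff_features` means the two captures look the same on these features, which is the case the reply describes as leaving nothing for a signature to match.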

