Snort mailing list archives
possible ssh attack
From: Nikola Vulovic <nivukiki () gmail com>
Date: Sat, 28 Jun 2014 15:16:50 +0200
I am trying Snort for the first time and got into a bit of a panic. I suspect someone was trying to brute-force SSH. I have attached the alert file, the rule that I made, and a lookup of the IP:

$ geoiplookup -f /usr/share/GeoIP/GeoLiteCity.dat 194.102.58.6
GeoIP City Edition, Rev 1: RO, 10, Bucuresti, Bucharest, N/A, 44.433300, 26.100000, 0, 0
$ geoiplookup -d /usr/share/GeoIP/ 194.102.58.6
GeoIP Country Edition: RO, Romania
GeoIP ASNum Edition: AS2614 Agentia de Administrare a Retelei Nationale de Informatica pentru Educatie si Cercetare

Are my suspicions correct?

--
Nikola Vulovic
Attachment: alert
Attachment: snort.rules