Snort mailing list archives

possible ssh attack


From: Nikola Vulovic <nivukiki () gmail com>
Date: Sat, 28 Jun 2014 15:16:50 +0200

I am trying Snort for the first time,
and got into a bit of a panic.
I suspect someone was trying to brute-force SSH.
I have attached the alert file, the rule that I made,
and a lookup of the IP:
$ geoiplookup -f /usr/share/GeoIP/GeoLiteCity.dat 194.102.58.6
GeoIP City Edition, Rev 1: RO, 10, Bucuresti, Bucharest, N/A, 44.433300, 26.100000, 0, 0
$ geoiplookup -d /usr/share/GeoIP/ 194.102.58.6
GeoIP Country Edition: RO, Romania
GeoIP ASNum Edition: AS2614 Agentia de Administrare a Retelei Nationale de Informatica pentru Educatie si Cercetare
Are my suspicions correct?


-- 
Nikola Vulovic

Attachment: alert
Description:

Attachment: snort.rules
Description:
