Snort mailing list archives

Snort rules


From: ARUN LAL <arunlal7701 () gmail com>
Date: Fri, 18 Mar 2016 12:52:05 +0530

Hi All,

Can anyone explain this rule?

-------------------------------
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN Potential SSH Scan"; flags:S,12; threshold: type both, track by_src, count 5, seconds 30; reference:url,en.wikipedia.org/wiki/Brute_force_attack; reference:url,doc.emergingthreats.net/2001219; classtype:attempted-recon; react:block; sid:20000201; rev:19;)
--------------------------------

Will react:block help us block the IP?
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

