Snort mailing list archives
alert logging of non local lan SSH connections.
From: "Travis Farmer" <travis5765 () hotmail com>
Date: Tue, 18 Sep 2001 10:59:30 -0400
Ok, here's the deal. My server sits in a closet allong with some other network equipment. this way it's out of the way. Now rather than pulling up a chair in the closet every time i need to do something, i use SSH. Lately i have been getting hundreds of hits a day to my telnet server. I figured it must be a script kiddy as not many people can type random logins that fast. I don't use telnet so i simply shut down the service. Now that port 23 is out of the question, the script kiddy has decided to try my SSH port. all the connections are from remote ip addresses and each connection is a new address (obviously spoofing).
How do i setup an alert to log remote SSH connections (just the headers and possibly the username used if possible).
Any thoughts? comments? rants? ~Travis _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- alert logging of non local lan SSH connections. Travis Farmer (Sep 18)
- Re: alert logging of non local lan SSH connections. Brian (Sep 18)
- Re: Re: alert logging of non local lan SSH connections. Marsiske Stefan (Sep 19)
- Re: alert logging of non local lan SSH connections. Brian (Sep 18)