Snort mailing list archives
Re: Re: alert logging of non local lan SSH connections.
From: Marsiske Stefan <stefan.marsiske () sysdata siemens hu>
Date: Wed, 19 Sep 2001 09:31:15 +0200
ssh puts the username into your syslog on a new connection, and I think some other stuff also (successful identification or not).

On Tue, Sep 18, 2001 at 11:06:04PM -0400, Brian wrote:
> According to Travis Farmer:
> > How do I set up an alert to log remote SSH connections (just the headers and possibly the username used if possible).
>
> Username? You don't. That is after the encryption has taken over. You can log a short bit of the connection before encryption takes hold with this.
>
>   alert tcp any any -> yourserver 22 (msg:"SSH to sensor"; flags:S; \
>       tag: session, 300, packets;)
>
> --
> Brian Caswell
> Snort Rules Bastard
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
---end quoted text---

--
Stefan [http://web.interware.hu/stef] UPDATED:001031
gpg-key: http://web.interware.hu/stef/gpg.txt
quote: "Hackers do not feel that leisure time is automatically any more meaningful than work time. The desirability of both depends on how they are realized. From the point of view of a meaningful life, the entire work/leisure duality must be abandoned. As long as we are living our work or our leisure, we are not even truly living. Meaning cannot be found in work or leisure but has to arise out of the nature of the activity itself. Out of passion. Social value. Creativity."
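The message above notes that sshd writes the username to syslog, which covers the part of the original question that a packet rule cannot see. As an added example (not code from the thread or from Snort), the Python below pulls username, source and outcome for SSH logins that come from outside the local LAN. The `LOCAL_NETS` range, the OpenSSH-style message format and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: the local LAN is 192.168.1.0/24; replace with your own ranges.
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Assumption: OpenSSH-style messages, "Accepted|Failed <method> for
# [invalid user ]<user> from <ip> port <n> ...". The user field is supplied by
# the client and may contain spaces, so the greedy (.+) makes the parser take
# the last "from <ip> port <n>" on the line as the real source.
SSHD_AUTH = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>.+) from (?P<src>\S+) port (?P<port>\d+)"
)

def remote_ssh_logins(lines, local_nets=LOCAL_NETS):
    """Return one dict per sshd auth event whose source is outside local_nets."""
    events = []
    for line in lines:
        m = SSHD_AUTH.search(line)
        if not m:
            continue  # not an sshd authentication message
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # source logged as a hostname or malformed; skip it
        if any(src in net for net in local_nets):
            continue  # local LAN connection, not of interest here
        events.append({
            "user": m.group("user"),
            "src": str(src),
            "success": m.group("result") == "Accepted",
            "known_user": m.group("invalid") is None,
        })
    return events

# Constructed sample syslog lines (not taken from the thread).
SAMPLE = [
    "Sep 19 09:12:01 sensor sshd[1412]: Accepted password for alice from 192.168.1.20 port 40112 ssh2",
    "Sep 19 09:14:37 sensor sshd[1420]: Accepted password for bob from 203.0.113.5 port 51234 ssh2",
    "Sep 19 09:15:02 sensor sshd[1431]: Failed password for invalid user admin from 198.51.100.7 port 40000 ssh2",
    "Sep 19 09:15:09 sensor sshd[1433]: Failed password for invalid user x from 192.168.1.9 port 22 from 198.51.100.7 port 40022 ssh2",
    "Sep 19 09:16:00 sensor CRON[1500]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    for event in remote_ssh_logins(SAMPLE):
        print(event)
```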
Current thread:
- alert logging of non local lan SSH connections. Travis Farmer (Sep 18)
- Re: alert logging of non local lan SSH connections. Brian (Sep 18)
- Re: Re: alert logging of non local lan SSH connections. Marsiske Stefan (Sep 19)