Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Rules for ssh exploit

From: Martin Roesch <roesch () sourcefire com>
Date: Mon, 12 Nov 2001 10:58:13 -0500
The rules are in CVS...

     -Marty

Ralf Hildebrandt wrote:


On Fri, Nov 02, 2001 at 04:34:57PM +1300, Russell Fulton wrote:


      Does any one have snort rules for detecting the recent spate of
ssh attacks or are all the usable fingerprints hidden by the encryption?


http://staff.washington.edu/dittrich/misc/ssh-analysis.txt

--
Ralf Hildebrandt                            Tel.  +49 (0)30-450 570-155
                                            Fax.  +49 (0)30-450 570-916
Your mantra for today is: Don't let data from the network near a
shell. Bad things happen.                    -- Randall Schwartz

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


--
Martin Roesch - President, Sourcefire Inc. - (410)552-6999
roesch () sourcefire com - http://www.sourcefire.com  
Snort: Open Source Network IDS - http://www.snort.org

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: