Snort mailing list archives
snort to trap SSH connection --HOWTO?
From: "gerald." <gerald.chan () i-admin com>
Date: Sat, 6 Oct 2001 14:13:07 +0800
Hi,

I am running Linux Redhat 7.1, snort-1.8.1-RELEASE, openssh 2.9.2.

I tried to trap any suspicious SSH connection from external network to my network, but am unable to start the process.

case 1
    alert tcp $HOME_NET 22 -> $EXTERNAL_NET any (msg:"SSH login from untrusted network"; flags: S; tag: session, 300, packets;)
result: core dump

case 2
    alert $HOME_NET 22 -> any any (msg:"SSH login from untrusted network"; flags: S; tag: session, 300, packets;)
result:
    ERROR /etc/snort/rules/ssh.rules (5) => Bad protocol: any
    Fatal Error, Quitting..

case 3
    alert tcp $HOME_NET 22 -> $EXTERNAL_NET any (msg:"SSH to sensor";)
result: core dump

Please help, and thanks in advance,
Gerald