Snort mailing list archives
Re: SSH and telnet Login Attempt Rules
From: Gene R Gomez <gene () gomezbrothers com>
Date: Tue, 27 Sep 2005 21:00:56 -0700
Heya Ron,

Detecting telnet would probably be simple enough, but SSH is much trickier given all that nasty encryption stuff...tough to see what's going on in that session. You may be better off using some form of log centralization and parsing instead; it'd be more reliable than using NIDS to detect this kind of thing.

Gene R Gomez

Ron Jenkins wrote:

Does anyone have rules that will detect these two?

Thanks…

Ron Jenkins (SnortCP, MCNE, CNE6, MCP, CCNA, CCEA)
Senior Architect
Data Integrity, LLC
"We Integrate People with Solutions"
1724 Dallas Drive Suite 11
Baton Rouge, La 70806
Office. 225.927.8030
Fax. 225.927.8033
Cell. 225.931.1632
Email. rjenkins () dibr net
Web. http://www.dibr.net
(Aanval Reseller and Technology Partner) http://www.aanval.com/tour/dibr
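
The log centralization and parsing approach suggested in the reply above, as an added example that is not part of the original thread: it counts failed SSH and telnet logins per source address across all hosts in a sliding window. The sample lines are constructed, and the message formats (OpenSSH "Failed password", login(1) "FAILED LOGIN"), the year, the threshold and the window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of centralized syslog lines (not from the original thread).
SAMPLE_LOG = """\
Sep 27 21:00:01 web1 sshd[4100]: Failed password for root from 203.0.113.5 port 40111 ssh2
Sep 27 21:00:03 web1 sshd[4100]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Sep 27 21:00:04 db1 login[812]: FAILED LOGIN 1 FROM 198.51.100.9 FOR root, Authentication failure
Sep 27 21:00:06 web2 sshd[977]: Failed password for root from 203.0.113.5 port 40120 ssh2
Sep 27 21:00:09 web1 sshd[4102]: Accepted password for ron from 192.0.2.10 port 51515 ssh2
Sep 27 21:09:30 db1 login[815]: FAILED LOGIN 1 FROM 198.51.100.9 FOR root, Authentication failure
"""

# Assumed message formats: OpenSSH "Failed password ..." and login(1) "FAILED LOGIN ..." (telnet).
PATTERNS = [
    ("ssh", re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port")),
    ("telnet", re.compile(r"login\[\d+\]: FAILED LOGIN \d+ FROM (?P<src>\S+) FOR (?P<user>[^,]+),")),
]

def parse_failures(text, year=2005):
    """Yield (timestamp, service, source, user) for each failed-login line."""
    for line in text.splitlines():
        for service, rx in PATTERNS:
            m = rx.search(line)
            if m:
                # Classic syslog timestamps carry no year, so one is assumed.
                ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
                yield ts, service, m["src"], m["user"]
                break

def detect_bruteforce(text, threshold=3, window=timedelta(seconds=60)):
    """Return {(service, source): peak count} for sources with >= threshold failures inside window."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, service, src, _user in sorted(parse_failures(text)):
        q = recent[(service, src)]
        q.append(ts)
        while ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts[(service, src)] = max(alerts.get((service, src), 0), len(q))
    return alerts

if __name__ == "__main__":
    for (service, src), count in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {service} login failures from {src}: {count} within 60s")
```

Because the failures are keyed by source rather than by target host, attempts spread across several servers (web1 and web2 in the sample) still add up to one alert.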