Re: SSH and telnet Login Attempt Rules

[Gene R Gomez <gene () gomezbrothers com>]

Heya Ron,
Detecting telnet would probably be simple enough, but SSH is much 
trickier given all that nasty encryption stuff...tough to see what's 
going on in that session.
You may be better off using some form of log centralization and parsing 
instead; it'd be more reliable than using NIDS to detect this kind of thing.

Gene R Gomez

Ron Jenkins wrote:

> Does anyone have rules that will detect these two?
>
> Thanks…
>
> Ron Jenkins (SnortCP, MCNE, CNE6, MCP, CCNA, CCEA)
> Senior Architect
> Data Integrity, LLC
> "We Integrate People with Solutions"
> 1724 Dallas Drive
> Suite 11
> Baton Rouge, La 70806
> Office. 225.927.8030
> Fax. 225.927.8033
> Cell225.931.1632
>
> Email. rjenkins () dibr net
> Web. http://www.dibr.net
>
> (Aanval Reseller and Technology Partner)
>
> http://www.aanval.com/tour/dibr


-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users