[Snort-sigs] rule for openssh successful connection

Ryan Russell ryan at ...113...
Fri Jun 28 09:17:04 EDT 2002


On Fri, 28 Jun 2002, Paulo Filipe Mira wrote:
> i want snort to log any successful connection to the ssh daemons
> running on my DMZ. i'm the only one who should be doing such
> connections, and it would great if i didn't have to rely on
> the server's syslog messages as the sole source for that info.

Define "successful connection". Do you mean simply completing the TCP
handshake, or download of keys, or successful client authentication, or
what?

					Ryan





More information about the Snort-sigs mailing list