[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Thu Jan 6 18:01:08 EST 2005


[***] Results from Oinkmaster started Thu Jan  6 21:00:03 2005 [***]

[*] Rules modifications: [*]
    None.

[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-attack_response.rules (1):
        #alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH Successful user connection after Brute Force Attack"; flowbits:isset,ssh.brute.attempt; threshold:type both, track by_src, count 2, seconds 60; dsize:100; flags:AP; classtype:successful-user; rev:2;)

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-attack_response.rules (1):
        alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH Successful user connection after Brute Force Attack"; flowbits:isset,ssh.brute.attempt; threshold:type both, track by_src, count 2, seconds 60; dsize:100; flags:AP; classtype:successful-user; rev:2;)

[*] Added files: [*]
    None.




