[Snort-sigs] SSH brute force attack sig

Frank Knobbe frank at ...1978...
Wed Jul 6 16:21:24 EDT 2005


On Wed, 2005-07-06 at 15:27 -0400, bmc at ...95... wrote:
> On Wed, Jul 06, 2005 at 02:02:19PM -0500, Paul Schmehl wrote:
> > >># New rule for catching ssh brute-force attacks
> > >>alert tcp $HOME_NET any -> any 22 (msg:"SSH Brute-Force attack";
> > >>threshold: type both, track by_src, count 2000, seconds 60;
> > >>classtype:trojan-activity; sid:1000281; rev:2;)

Hehe... looks like the "flags:S;" somehow got dropped from your quote
there Brian :)

-Frank
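
What the dropped `flags:S;` changes, as an added example that is not part of the original thread: a simplified Python model of the rule's `threshold: type both, track by_src, count 2000, seconds 60`, run over constructed packets. The addresses, the packet mix and the fixed-window behaviour are assumptions made for illustration.

```python
COUNT, SECONDS = 2000, 60  # from the quoted rule: count 2000, seconds 60

def matches(pkt, require_syn):
    """Rule header 'tcp ... -> any 22'; flags:S matches only when SYN is the sole flag set."""
    _ts, _src, dport, flags = pkt
    return dport == 22 and (not require_syn or flags == "S")

def threshold_both(events, count=COUNT, seconds=SECONDS):
    """Simplified 'type both, track by_src': one alert per source per window,
    raised when the count-th matching packet arrives. Assumption: a fixed
    window that opens at a source's first match."""
    state, alerts = {}, []  # src -> [window_start, hits, alerted]
    for ts, src in events:
        s = state.get(src)
        if s is None or ts - s[0] >= seconds:
            s = state[src] = [ts, 0, False]
        s[1] += 1
        if s[1] >= count and not s[2]:
            s[2] = True
            alerts.append((ts, src))
    return alerts

def sample_traffic():
    """Constructed packets: (timestamp, source, dest port, TCP flags)."""
    pkts = [(0.0, "10.0.0.5", 22, "S")]  # one legitimate session ...
    pkts += [(0.01 * i, "10.0.0.5", 22, "PA") for i in range(1, 5001)]  # ... copying a file for 50 s
    pkts += [(0.02 * i, "10.0.0.9", 22, "S") for i in range(2500)]  # 2500 connection attempts in 50 s
    return sorted(pkts)

def alerting_sources(pkts, require_syn):
    hits = ((p[0], p[1]) for p in pkts if matches(p, require_syn))
    return sorted({src for _ts, src in threshold_both(hits)})

if __name__ == "__main__":
    traffic = sample_traffic()
    print("rule as quoted :", alerting_sources(traffic, require_syn=False))
    print("with flags:S   :", alerting_sources(traffic, require_syn=True))
```

Without the SYN match the threshold counts every packet to port 22, so a single busy session crosses 2000 in a minute; with it, only the source opening thousands of connections does.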
