[Snort-users] Rules for ssh exploit
fygrave at ...121...
Mon Nov 12 02:50:02 EST 2001
On Mon, Nov 12, 2001 at 10:57:15AM +0100, Ralf Hildebrandt wrote:
> On Fri, Nov 02, 2001 at 04:34:57PM +1300, Russell Fulton wrote:
> > Does any one have snort rules for detecting the recent spate of
> > ssh attacks or are all the usable fingerprints hidden by the encryption?
It is actually quite hard to catch ssh exploit attempt with simple
pkt-matching signature. IMHO this is the place where definetely a
protocol analysis would make more sense. Different exploits that I have
seen, look quite different from network layer perspective..
More information about the Snort-users