[Snort-users] Rules for ssh exploit

Martin Roesch roesch at ...1935...
Mon Nov 12 07:59:05 EST 2001


The rules are in CVS...

     -Marty

Ralf Hildebrandt wrote:
> 
> On Fri, Nov 02, 2001 at 04:34:57PM +1300, Russell Fulton wrote:
> 
> >       Does any one have snort rules for detecting the recent spate of
> > ssh attacks or are all the usable fingerprints hidden by the encryption?
> 
> http://staff.washington.edu/dittrich/misc/ssh-analysis.txt
> 
> --
> Ralf Hildebrandt                            Tel.  +49 (0)30-450 570-155
>                                             Fax.  +49 (0)30-450 570-916
> Your mantra for today is: Don't let data from the network near a
> shell. Bad things happen.                    -- Randall Schwartz
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Martin Roesch - President, Sourcefire Inc. - (410)552-6999
roesch at ...1935... - http://www.sourcefire.com  
Snort: Open Source Network IDS - http://www.snort.org




More information about the Snort-users mailing list