[Snort-users] SSH and telnet Login Attempt Rules

Gene R Gomez gene at ...13522...
Tue Sep 27 21:02:33 EDT 2005


Heya Ron,
Detecting telnet would probably be simple enough, but SSH is much 
trickier given all that nasty encryption stuff...tough to see what's 
going on in that session.
You may be better off using some form of log centralization and parsing 
instead; it'd be more reliable than using NIDS to detect this kind of thing.

Gene R Gomez

Ron Jenkins wrote:

> Does anyone have rules that will detect these two?
>
> Thanks…
>
> Ron Jenkins (SnortCP, MCNE, CNE6, MCP, CCNA, CCEA)
> Senior Architect
> Data Integrity, LLC
> "We Integrate People with Solutions"
> 1724 Dallas Drive
> Suite 11
> Baton Rouge, La 70806
> Office. 225.927.8030
> Fax. 225.927.8033
> Cell. 225.931.1632
>
> Email. rjenkins at ...12829...
> Web. http://www.dibr.net
>
> (Aanval Reseller and Technology Partner)
>
> http://www.aanval.com/tour/dibr
>
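
Added example, not part of the original thread or either poster's code: one way to do the log parsing suggested in the reply above, counting failed SSH and telnet logins per source address from centralized syslog. The log lines are constructed, and the message formats (OpenSSH sshd and login(1) style), the threshold, and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the style of OpenSSH sshd and login(1) syslog
# output; exact message formats vary by version and are an assumption here.
SAMPLE_LOG = """\
Sep 27 20:58:01 gw sshd[4121]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Sep 27 20:58:03 gw sshd[4123]: Failed password for root from 203.0.113.5 port 51240 ssh2
Sep 27 20:58:06 gw sshd[4125]: Failed password for root from 203.0.113.5 port 51246 ssh2
Sep 27 20:59:10 gw sshd[4130]: Accepted password for ron from 192.0.2.10 port 50022 ssh2
Sep 27 21:00:15 gw login[4140]: FAILED LOGIN 1 FROM 198.51.100.7 FOR root, Authentication failure
Sep 27 21:00:40 gw sshd[4150]: Failed password for ron from 192.0.2.10 port 50030 ssh2
"""

# (service, outcome, pattern). A login(1) failure with a remote FROM host is
# treated as a telnet attempt, which is an assumption about the host's setup.
PATTERNS = [
    ("ssh", "fail", re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")),
    ("ssh", "ok", re.compile(r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<src>\S+) port \d+")),
    ("telnet", "fail", re.compile(r"login\[\d+\]: FAILED LOGIN \d+ FROM (?P<src>\S+) FOR (?P<user>[^,]+),")),
]

def parse_line(line):
    """Return (service, outcome, user, src) for a login event, else None."""
    for service, outcome, rx in PATTERNS:
        m = rx.search(line)
        if m:
            return service, outcome, m.group("user"), m.group("src")
    return None

def failed_login_sources(log_text, threshold=3):
    """Map each source with >= threshold failed logins to its failure count."""
    failures = Counter()
    for line in log_text.splitlines():
        event = parse_line(line)
        if event and event[1] == "fail":
            failures[event[3]] += 1
    return {src: n for src, n in failures.items() if n >= threshold}

if __name__ == "__main__":
    for src, n in failed_login_sources(SAMPLE_LOG).items():
        print(f"{src}: {n} failed logins")
```

Because the counts come from the daemons' own logs, the SSH result does not depend on seeing inside the encrypted session.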