[Snort-users] SSH and telnet Login Attempt Rules

Frank Knobbe frank at ...9761...
Tue Sep 27 21:34:06 EDT 2005

On Tue, 2005-09-27 at 21:53 -0500, Ron Jenkins wrote:
> Does anyone have rules that will detect these two?

I think we got several rules that do something like you desire over at
BleedingSnort.com in the bleeding-scan.rules. May need minor tweaking
(like adjusting/removing thresholds). If you are not familiar with the
project, check it out at http://www.bleedingsnort.com


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050927/32184562/attachment.sig>

More information about the Snort-users mailing list