[Snort-users] SSH and telnet Login Attempt Rules

Ron Jenkins rjenkins at ...12829...
Tue Sep 27 21:35:37 EDT 2005


Thanks...

-----Original Message-----
From: Frank Knobbe [mailto:frank at ...9761...] 
Sent: Tuesday, September 27, 2005 11:32 PM
To: Ron Jenkins
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] SSH and telnet Login Attempt Rules

On Tue, 2005-09-27 at 21:53 -0500, Ron Jenkins wrote:
> Does anyone have rules that will detect these two?

I think we got several rules that do something like you desire over at
BleedingSnort.com in the bleeding-scan.rules. May need minor tweaking
(like adjusting/removing thresholds). If you are not familiar with the
project, check it out at http://www.bleedingsnort.com

Cheers,
Frank







More information about the Snort-users mailing list