[Snort-users] SSH and telnet Login Attempt Rules
security at ...5028...
Tue Sep 27 22:47:25 EDT 2005
Both of these should be easy to detect.
Telnet: port 23 returning /login/i
SSH: Port 22 returning /SSH/
There are tons of potential variations so a more specific use case would
Ron Jenkins wrote:
> Does anyone have rules that will detect these two?
> Ron Jenkins (SnortCP, MCNE, CNE6, MCP, CCNA, CCEA)
> Senior Architect
> Data Integrity, LLC
> "We Integrate People with Solutions"
> 1724 Dallas Drive
> Suite 11
> Baton Rouge, La 70806
> Office. 225.927.8030
> Fax. 225.927.8033
> Email. rjenkins at ...12829...
> Web. http://www.dibr.net
> (Aanval Reseller and Technology Partner)
More information about the Snort-users