[Snort-users] SSH and telnet Login Attempt Rules

Jason security at ...5028...
Tue Sep 27 22:47:25 EDT 2005


Both of these should be easy to detect.

Telnet: port 23 returning /login/i
SSH: Port 22 returning /SSH/

There are tons of potential variations so a more specific use case would
help.

Ron Jenkins wrote:
> Does anyone have rules that will detect these two?
> 
>  
> 
> Thanks…
> 
>  
> 
> Ron Jenkins (SnortCP, MCNE, CNE6, MCP, CCNA, CCEA)
> Senior Architect
> Data Integrity, LLC
> "We Integrate People with Solutions"
> 1724 Dallas Drive
> Suite 11
> Baton Rouge, La 70806
> Office. 225.927.8030
> Fax. 225.927.8033
> Cell225.931.1632
> 
> Email. rjenkins at ...12829...
> Web. http://www.dibr.net
> 
> (Aanval Reseller and Technology Partner)
> 
> http://www.aanval.com/tour/dibr
> 
>  
> 




More information about the Snort-users mailing list