[Snort-users] Failed FTP login signature
Atkins, Dwane P
ATKINSD at ...9240...
Wed May 23 10:12:50 EDT 2007
In an attempt to possible thwart attacks prior to arriving a the
desktop, we are looking for a signature that would alert us as to when
someone is trying to FTP or SSH into a system on our network. I am
thinking that if someone has typed in 5 or 6 passwords and has not
connected, then they certainly do not have a need to be there.
Does anyone out there have a signature for this type of incident?
We would probably be looking at Telnet, SSH, FTP and possible HTTP.
<mailto:atkinsd at ...9240...>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users