[Snort-users] Failed FTP login signature

Atkins, Dwane P ATKINSD at ...9240...
Wed May 23 10:12:50 EDT 2007


In an attempt to possible thwart attacks prior to arriving a the
desktop, we are looking for a signature that would alert us as to when
someone is trying to FTP or SSH into a system on our network.  I am
thinking that if someone has typed in 5 or 6 passwords and has not
connected, then they certainly do not have a need to be there.

 

Does anyone out there have a signature for this type of incident?

 

We would probably be looking at Telnet, SSH, FTP and possible HTTP.


Thanks 


Dwane

 

Dwane Atkins

210-567-0158

<mailto:atkinsd at ...9240...>  

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20070523/86e92269/attachment.html>


More information about the Snort-users mailing list