[Snort-users] Failed FTP login signature

Atkins, Dwane P ATKINSD at ...9240...
Wed May 23 10:12:50 EDT 2007

In an attempt to possible thwart attacks prior to arriving a the
desktop, we are looking for a signature that would alert us as to when
someone is trying to FTP or SSH into a system on our network.  I am
thinking that if someone has typed in 5 or 6 passwords and has not
connected, then they certainly do not have a need to be there.


Does anyone out there have a signature for this type of incident?


We would probably be looking at Telnet, SSH, FTP and possible HTTP.




Dwane Atkins


<mailto:atkinsd at ...9240...>  


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20070523/86e92269/attachment.html>

More information about the Snort-users mailing list