[Snort-users] Identify outbound SSH connections

Craig Merchant cmerchant at ...16022...
Tue Jan 8 21:14:53 EST 2013

Is there a rule in the Emerging Threats or Sourcefire rule base that will identify an SSH or SSL connection that goes from $HOME_NET -> !$HOME_NET, particularly on non-standard ports?

