[Snort-users] Identify outbound SSH connections

Y M snort at ...15979...
Tue Jan 8 22:45:22 EST 2013


Check sid: 13586 from the VRT tarball, it can be good starting point.

YM
________________________________
From: Craig Merchant<mailto:cmerchant at ...16022...>
Sent: ‎1/‎9/‎2013 5:15 AM
To: snort-users at lists.sourceforge.net<mailto:snort-users at ...3783...net>
Subject: [Snort-users] Identify outbound SSH connections

Is there a rule in the emerging threats or sourcefire rule base that will identify an SSH or SSL connection that goes from $HOME_NET -> !$HOME_NET, particularly on non-standard ports?

Thx.

Craig
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130109/c30d6b16/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery
and much more. Keep your Java skills current with LearnJavaNow -
200+ hours of step-by-step video tutorials by Java experts.
SALE $49.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122612 
-------------- next part --------------
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


More information about the Snort-users mailing list