[Snort-users] possible ssh attack

Nikola Vulovic nivukiki at ...11827...
Sat Jun 28 09:16:50 EDT 2014


I am trying Snort for the first time,
and got into a bit of a panic.
I suspect someone was trying to brute-force SSH.
I have attached the alert file, the rule that I made,
and a lookup of the IP:
$ geoiplookup -f /usr/share/GeoIP/GeoLiteCity.dat 194.102.58.6
GeoIP City Edition, Rev 1: RO, 10, Bucuresti, Bucharest, N/A, 44.433300, 26.100000, 0, 0
$ geoiplookup -d /usr/share/GeoIP/ 194.102.58.6
GeoIP Country Edition: RO, Romania
GeoIP ASNum Edition: AS2614 Agentia de Administrare a Retelei Nationale de Informatica pentru Educatie si Cercetare

Are my suspicions correct?


-- 
Nikola Vulovic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: alert
Type: application/octet-stream
Size: 279842 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140628/314db96b/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snort.rules
Type: application/octet-stream
Size: 187 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140628/314db96b/attachment-0001.obj>