[***] Results from Oinkmaster started Fri Dec 31 21:00:03 2004 [***]
[+++] Added rules: [+++]
-> Added to bleeding-policy.rules (1):
alert tcp any any -> $HOME_NET 22 (msg:"BLEEDING-EDGE Policy SSH
Successful user connection"; dsize:100; flags:AP; threshold: type both, track
by_src, count 2, seconds 60; classtype:successful-user; sid:2001637; rev:1;)
[///] Modified active rules: [///]
-> Modified active in bleeding-scan.rules (1):
old: alert tcp any any -> $HOME_NET 22 (msg:"BLEEDING-EDGE Potential
SSH Scan"; flags:S; threshold:type threshold, track by_src, count 5, seconds
120; classtype:attempted-dos; sid:2001219; rev:6;)
new: alert tcp any any -> $HOME_NET 22 (msg:"BLEEDING-EDGE Potential
SSH Scan"; flags:S; threshold:type threshold, track by_src, count 5, seconds
120; flowbits:set,ssh.brute.attempt; classtype:attempted-dos; sid:2001219;
rev:7;)
[+++] Added non-rule lines: [+++]
-> Added to bleeding-attack_response.rules (2):
#By Matt Jonkman
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH Successful user
connection after Brute Force Attack"; flowbits:isset,ssh.brute.attempt;
threshold:type both, track by_src, count 2, seconds 60; dsize:100; flags:AP;
classtype:successful-user; rev:2;)
-> Added to bleeding-policy.rules (1):
#By Chris Norton
-> Added to bleeding-sid-msg.map (1):
2001637 || BLEEDING-EDGE Policy SSH Successful user connection
[*] Added files: [*]
None.
-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
