[unisog] Tool to find ssh attacks in argus logs
r.fulton at auckland.ac.nz
Mon Nov 5 19:54:10 GMT 2001
On Mon, 5 Nov 2001 09:27:13 -0500 (EST) Chris Hallenbeck
<cthallen at binghamton.edu> wrote:
> Do you (or anyone else) have a Snort, or snort-like, compatible IDS
> signature for this particular attack?
I asked this very question on the snort user's mailing list last week
but received no replies. I assume the problem is that the data stream
is encrypted and the finger prints that could be used by NIDS are
Encryption is indeed a two edged sword!
Hmmmm... Does the ISS NIDS have rules for this attack?
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand
More information about the unisog