[unisog] Tool to find ssh attacks in argus logs

Russell Fulton r.fulton at auckland.ac.nz
Mon Nov 5 19:54:10 GMT 2001


On Mon, 5 Nov 2001 09:27:13 -0500 (EST) Chris Hallenbeck 
<cthallen at binghamton.edu> wrote:

> Russell,
>   Do you (or anyone else) have a Snort, or snort-like, compatible IDS
> signature for this particular attack? 
> 

I asked this very question on the Snort users' mailing list last week
but received no replies.  I assume the problem is that the data stream
is encrypted and the fingerprints that could be used by NIDS are
therefore hidden.

Encryption is indeed a two-edged sword!

Hmmmm... Does the ISS NIDS have rules for this attack?


Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand


