[unisog] Tool to find ssh attacks in argus logs
Glenn Forbes Fleming Larratt
glratt at rice.edu
Mon Nov 5 21:14:17 GMT 2001
For those of us using other than argus, any chance of this for snort/tcpdump
logs, or written in pseudo-code that's less argus-specific?
On Mon, 5 Nov 2001, Russell Fulton wrote:
> Greetings All,
> Here is a quick perl hack to scan archived argus logs
> for evidence of ssh attacks. The current attack that we have seen
> iterates an offset for the shell code and this script picks up the
> repeated attempts...
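
Added example, not part of either post and not the perl script mentioned above: a log-format-neutral way to pick up repeated ssh connection attempts from one source to one host. The four-field record layout, the threshold and the window are assumptions; argus, snort or tcpdump output would first be reduced to those fields.

```python
from collections import defaultdict, deque

SSH_PORT = 22
THRESHOLD = 5    # assumed: attempts from one source to one host
WINDOW = 60.0    # assumed: sliding window in seconds

# Constructed sample records: "epoch_seconds src_ip dst_ip dst_port".
SAMPLE = """\
1004994800.0 192.0.2.10 198.51.100.5 22
1004994802.1 192.0.2.10 198.51.100.5 22
1004994804.3 192.0.2.10 198.51.100.5 22
1004994805.0 203.0.113.7 198.51.100.5 22
1004994806.2 192.0.2.10 198.51.100.5 22
1004994808.9 192.0.2.10 198.51.100.5 22
1004994811.0 192.0.2.10 198.51.100.5 22
1004994900.0 203.0.113.7 198.51.100.5 22
1004994950.0 192.0.2.10 198.51.100.9 80
"""

def parse(text):
    """Yield (time, src, dst, dport) per line, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield float(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def find_repeated_ssh(records, threshold=THRESHOLD, window=WINDOW):
    """Return {(src, dst): peak count} for pairs that reach the threshold."""
    recent = defaultdict(deque)   # (src, dst) -> timestamps still in window
    peaks = {}
    for ts, src, dst, dport in sorted(records):
        if dport != SSH_PORT:
            continue
        q = recent[(src, dst)]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[(src, dst)] = max(peaks.get((src, dst), 0), len(q))
    return peaks

if __name__ == "__main__":
    for (src, dst), n in find_repeated_ssh(parse(SAMPLE)).items():
        print(f"{src} -> {dst}: {n} ssh connections within {WINDOW:.0f}s")
```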