[unisog] Tool to find ssh attacks in argus logs

Glenn Forbes Fleming Larratt glratt at rice.edu
Mon Nov 5 21:14:17 GMT 2001


For those of us using other than argus, any chance of this for snort/tcpdump
logs, or written in pseudo-code that's less argus-specific?

	-g

On Mon, 5 Nov 2001, Russell Fulton wrote:

> Greetings All,
> 	     Here is a quick perl hack to scan archived argus[1] logs
> for evidence of ssh attacks.  The current attack that we have seen
> iterates an offset for the shell code and this script picks up the
> repeated attempts...
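
A less argus-specific sketch of the idea described above (flagging repeated ssh connection attempts from one source to one host), added here as an example; it is not Russell Fulton's perl script. It assumes the text output of `tcpdump -nn -tt` for IPv4 TCP packets, and the threshold and window values are illustrative assumptions.

```python
import re
from collections import defaultdict

# Assumed input: one `tcpdump -nn -tt` text line per packet, e.g.
# 1004994800.000000 IP 192.0.2.7.40000 > 198.51.100.5.22: Flags [S], seq 0, ...
LINE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) IP "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)

def repeated_ssh_attempts(lines, threshold=5, window=300.0, port=22):
    """Return {(src, dst): count} for pairs that opened at least `threshold`
    new connections to `port` inside some `window`-second span."""
    starts = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m or int(m["dport"]) != port:
            continue
        if m["flags"] != "S":  # bare SYN only: a new connection attempt
            continue
        starts[(m["src"], m["dst"])].append(float(m["ts"]))
    hits = {}
    for pair, times in starts.items():
        times.sort()
        lo = best = 0
        for hi, t in enumerate(times):  # sliding window over sorted start times
            while t - times[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            hits[pair] = best
    return hits

# Constructed sample data (documentation addresses), not taken from real logs.
SAMPLE = [
    f"{1004994800 + 10 * i}.000000 IP 192.0.2.7.{40000 + i} > 198.51.100.5.22: "
    f"Flags [S], seq {i}, win 5840, length 0" for i in range(6)
] + [
    "1004994800.000100 IP 198.51.100.5.22 > 192.0.2.7.40000: Flags [S.], seq 9, ack 1, win 5792, length 0",
    "1004994805.000000 IP 192.0.2.7.41000 > 198.51.100.5.80: Flags [S], seq 3, win 5840, length 0",
    "1004994800.000000 IP 192.0.2.9.50000 > 198.51.100.5.22: Flags [S], seq 1, win 5840, length 0",
    "1004995800.000000 IP 192.0.2.9.50001 > 198.51.100.5.22: Flags [S], seq 2, win 5840, length 0",
]

if __name__ == "__main__":
    for (src, dst), n in repeated_ssh_attempts(SAMPLE).items():
        print(f"{src} -> {dst}:22  {n} connection attempts")
```

A count of connection attempts is only a heuristic: it will also flag legitimate automation such as scripted scp jobs, so hits need review against known hosts.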



