[unisog] Tool to find ssh attacks in argus logs
andreaso at it.su.se
Mon Nov 5 21:08:35 GMT 2001
On Tue, 6 Nov 2001, Russell Fulton wrote:
> I asked this very question on the snort user's mailing list last week
> but received no replies. I assume the problem is that the data stream
> is encrypted and the fingerprints that could be used by NIDS are
> therefore hidden.
Actually, check out http://www.snort.org/downloads/snortrules.tar.gz
A few ssh rules (regarding the CRC32 bug) were added a couple of days ago.