alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN Potential SSH Scan"; flags:S,12; threshold: type both, track by_src, count 5, seconds 120; reference:url,en.wikipedia.org/wiki/Brute_force_attack; reference:url,doc.emergingthreats.net/2001219; classtype:attempted-recon; sid:2001219; rev:19;)

Added 2014-09-09 17:58:11 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN Potential SSH Scan"; flags:S,12; threshold: type threshold, track by_src, count 5, seconds 120; reference:url,en.wikipedia.org/wiki/Brute_force_attack; reference:url,doc.emergingthreats.net/2001219; classtype:attempted-recon; sid:2001219; rev:18;)

Added 2011-10-12 19:10:09 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN Potential SSH Scan"; flags:S,12; threshold: type threshold, track by_src, count 5, seconds 120; classtype: attempted-recon; reference:url,en.wikipedia.org/wiki/Brute_force_attack; reference:url,doc.emergingthreats.net/2001219; sid:2001219; rev:18;)

Added 2011-09-15 14:46:34 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN Potential SSH Scan"; flags:S,12; threshold: type threshold, track by_src, count 5, seconds 120; classtype: attempted-recon; reference:url,en.wikipedia.org/wiki/Brute_force_attack; reference:url,doc.emergingthreats.net/2001219; sid:2001219; rev:18;)

Added 2011-09-14 20:45:19 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN Potential SSH Scan"; flags:S,12; threshold: type threshold, track by_src, count 5, seconds 120; classtype: attempted-recon; reference:url,en.wikipedia.org/wiki/Brute_force_attack; reference:url,doc.emergingthreats.net/2001219; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_SSH_Brute_Force; sid:2001219; rev:18;)

Added 2011-02-04 17:21:21 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN Potential SSH Scan"; flags:S,12; threshold: type threshold, track by_src, count 5, seconds 120; classtype: attempted-recon; reference:url,en.wikipedia.org/wiki/Brute_force_attack; reference:url,doc.emergingthreats.net/2001219; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_SSH_Brute_Force; sid:2001219; rev:18;)

Added 2010-06-28 22:47:02 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN Potential SSH Scan"; flags:S,12; threshold: type threshold, track by_src, count 5, seconds 120; classtype: attempted-recon; reference:url,en.wikipedia.org/wiki/Brute_force_attack; reference:url,doc.emergingthreats.net/2001219; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_SSH_Brute_Force; sid:2001219; rev:18;)

Added 2010-06-28 22:47:02 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN Potential SSH Scan"; flags:S,12; threshold: type threshold, track by_src, count 5, seconds 120; classtype: attempted-recon; reference:url,en.wikipedia.org/wiki/Brute_force_attack; reference:url,doc.emergingthreats.net/2001219; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_SSH_Brute_Force; sid: 2001219; rev:18;)

Added 2009-02-12 18:21:19 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN Potential SSH Scan"; flags:S,12; threshold: type threshold, track by_src, count 5, seconds 120; classtype: attempted-recon; reference:url,en.wikipedia.org/wiki/Brute_force_attack; sid: 2001219; rev:17;)

Added 2009-01-06 12:45:21 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN Potential SSH Scan"; flags:S; threshold: type threshold, track by_src, count 5, seconds 120; classtype: attempted-recon; reference:url,en.wikipedia.org/wiki/Brute_force_attack; sid: 2001219; rev:16;)

Added 2008-09-19 11:36:32 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN Potential SSH Scan"; flags: S; flowbits: set,ssh.brute.attempt; threshold: type threshold, track by_src, count 5, seconds 120; classtype: attempted-recon; reference:url,en.wikipedia.org/wiki/Brute_force_attack; sid: 2001219; rev:15;)

Added 2008-01-29 10:56:40 UTC



alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg: "BLEEDING-EDGE Potential SSH Scan"; flags: S; flowbits: set,ssh.brute.attempt; threshold: type threshold, track by_src, count 5, seconds 120; classtype: attempted-recon; reference:url,www.whitedust.net/article/27/Recent%20SSH%20Brute-Force%20Attacks/; sid: 2001219; rev:13; )



Topic revision: r5 - 2010-06-10 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats