
Snort mailing list archives
Re: possible ssh attack
From: Jeremy Hoel <jthoel () gmail com>
Date: Sun, 29 Jun 2014 22:56:14 -0600
All this alert tells you (based on the rule you wrote) is that someone is connecting to your server on port 22. You have system logs that can show you what they are doing to the service, if they are trying to use different accounts, etc. Search the VRT community rule set for other SSH rules that might provide more information.

On Sat, Jun 28, 2014 at 7:16 AM, Nikola Vulovic <nivukiki () gmail com> wrote:
I am trying Snort for the first time and got into a bit of a panic. I suspect someone was trying to brute-force SSH. I have attached the alert file, the rule that I made, and a lookup of the IP:

$ geoiplookup -f /usr/share/GeoIP/GeoLiteCity.dat 194.102.58.6
GeoIP City Edition, Rev 1: RO, 10, Bucuresti, Bucharest, N/A, 44.433300, 26.100000, 0, 0
$ geoiplookup -d /usr/share/GeoIP/ 194.102.58.6
GeoIP Country Edition: RO, Romania
GeoIP ASNum Edition: AS2614 Agentia de Administrare a Retelei Nationale de Informatica pentru Educatie si Cercetare

Are my suspicions correct?

--
Nikola Vulovic
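Added example (not part of the original thread): one way to follow the reply's advice and check the system logs for attempts against different accounts. The log lines are a constructed sample in the usual OpenSSH syslog format, and the thresholds in likely_bruteforce are assumptions to tune for your own host.

```python
import re
from collections import defaultdict

# Constructed sample of sshd syslog lines (documentation IP ranges, not real data).
SAMPLE_LOG = """\
Jun 28 07:01:11 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jun 28 07:01:14 host sshd[2103]: Failed password for root from 203.0.113.7 port 40120 ssh2
Jun 28 07:01:17 host sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Jun 28 07:01:20 host sshd[2107]: Failed password for invalid user oracle from 203.0.113.7 port 40144 ssh2
Jun 28 07:01:23 host sshd[2109]: Failed password for root from 203.0.113.7 port 40150 ssh2
Jun 28 07:05:02 host sshd[2120]: Failed password for nikola from 198.51.100.20 port 51522 ssh2
Jun 28 07:05:09 host sshd[2120]: Accepted password for nikola from 198.51.100.20 port 51522 ssh2
"""

# The user field is attacker-controlled and may contain spaces or " from ...",
# so match it greedily and anchor the address/port at the end of the line.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (.*) from (\S+) port \d+ ssh2$")

def summarize(log_text):
    """Return {source_ip: {"failed": n, "users": set, "accepted": n}}."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(), "accepted": 0})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            stats[ip]["failed"] += 1
            stats[ip]["users"].add(user)
            continue
        m = ACCEPTED.search(line)
        if m:
            stats[m.group(2)]["accepted"] += 1
    return dict(stats)

def likely_bruteforce(stats, min_failed=5, min_users=3):
    """Sources with many failures spread over several account names (assumed thresholds)."""
    return sorted(ip for ip, s in stats.items()
                  if s["failed"] >= min_failed and len(s["users"]) >= min_users)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip, s in stats.items():
        print(ip, "failed:", s["failed"], "accepted:", s["accepted"],
              "users:", sorted(s["users"]))
    print("likely brute force:", likely_bruteforce(stats))
```

A source that shows both a long run of failures and an accepted login deserves the closest look, since the alert on port 22 alone cannot distinguish the two.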
Current thread:
- possible ssh attack Nikola Vulovic (Jun 29)
- Re: possible ssh attack Jeremy Hoel (Jun 29)