alert ssh $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN SSH BruteForce? Tool with fake PUTTY version"; flow:established,to_server; ssh.softwareversion:"PUTTY"; threshold: type limit, track by_src, count 1, seconds 30; metadata: former_category SCAN; classtype:network-scan; sid:2019876; rev:5; metadata:created_at 2014_12_05, updated_at 2017_12_01;)

Added 2017-12-01 17:37:46 UTC


alert ssh $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN SSH BruteForce? Tool with fake PUTTY version"; flow:established,to_server; ssh.softwareversion:"PUTTY"; threshold: type limit, track by_src, count 1, seconds 30; metadata: former_category SCAN; classtype:network-scan; sid:2019876; rev:5; metadata:created_at 2014_12_05, updated_at 2017_12_01;)

Added 2017-12-01 16:43:58 UTC


alert ssh $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN SSH BruteForce? Tool with fake PUTTY version"; flow:established,to_server; ssh.softwareversion:"PUTTY"; threshold: type limit, track by_src, count 1, seconds 30; classtype:network-scan; sid:2019876; rev:4; metadata:created_at 2014_12_05, updated_at 2014_12_05;)

Added 2017-08-07 21:14:14 UTC


alert ssh $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN SSH BruteForce? Tool with fake PUTTY version"; flow:established,to_server; ssh.softwareversion:"PUTTY"; threshold: type limit, track by_src, count 1, seconds 30; classtype:network-scan; sid:2019876; rev:4;)

Added 2014-12-05 18:20:58 UTC


Topic revision: r1 - 2017-12-01 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats