2006546 < Main < EmergingThreats

Main Web>2006546 (2016-04-19, RadoslavMilanov) (raw view)
 <h2>
 

alert ssh $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack"; flow:established,to_server; content:"SSH-"; content:"libssh"; within:20; threshold: type both, count 5, seconds 30, track by_src; reference:url,doc.emergingthreats.net/2006546; classtype:attempted-admin; sid:2006546; rev:9; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

</h2>

Added 2018-09-13 19:39:14 UTC


 %COMMENT{type="threadmode" default="Please enter documentation, comments, false positives, or concerns with this signature. Press the Attach button below to add samples or Pcaps." button="Add to Documentation" }%
 
 <hr>
 


 <h2>
 


</h2>

Added 2018-09-13 17:53:30 UTC


 
 <hr>
 


 <h2>
 

alert ssh $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack"; flow:established,to_server; content:"SSH-"; content:"libssh"; within:20; threshold: type both, count 5, seconds 30, track by_src; reference:url,doc.emergingthreats.net/2006546; classtype:attempted-admin; sid:2006546; rev:9; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

</h2>

Added 2017-08-07 20:59:45 UTC


 
 <hr>
 


 <h2>
 

alert ssh $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack"; flow:established,to_server; content:"SSH-"; content:"libssh"; within:20; threshold: type both, count 5, seconds 30, track by_src; reference:url,doc.emergingthreats.net/2006546; classtype:attempted-admin; sid:2006546; rev:9;)

</h2>

Added 2015-04-15 11:57:49 UTC


 

This rule is preventing x2go client connection to x2goserver

-- Main.RadoslavMilanov - 2016-04-19
 
 <hr>
 


 <h2>
 

alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack!"; flow:established,to_server; content:"SSH-"; content:"libssh"; within:20; threshold: type both, count 5, seconds 30, track by_src; reference:url,doc.emergingthreats.net/2006546; classtype:attempted-admin; sid:2006546; rev:5;)

</h2>

Added 2011-10-12 19:20:58 UTC


 
 <hr>
 


 <h2>
 

alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack!"; flow:established,to_server; content:"SSH-"; content:"libssh"; within:20; threshold: type both, count 5, seconds 30, track by_src; classtype:attempted-admin; reference:url,doc.emergingthreats.net/2006546; sid:2006546; rev:5;)

</h2>

Added 2011-09-14 22:34:30 UTC


 
 <hr>
 


 <h2>
 

alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack!"; flow:established,to_server; content:"SSH-"; content:"libssh"; within:20; threshold: type both, count 5, seconds 30, track by_src; classtype:attempted-admin; reference:url,doc.emergingthreats.net/2006546; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_SSH_Brute_Force; sid:2006546; rev:5;)

</h2>

Added 2011-02-04 17:25:29 UTC


 
 <hr>
 


 <h2>
 

alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack!"; flow:established,to_server; content:"SSH-"; content:"libssh"; within:20; threshold: type both, count 5, seconds 30, track by_src; classtype:attempted-admin; reference:url,doc.emergingthreats.net/2006546; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_SSH_Brute_Force; sid:2006546; rev:5;)

</h2>

Added 2009-02-12 18:21:19 UTC


 
 <hr>
 


 <h2>
 

alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack!"; flow:established,to_server; content:"SSH-"; content:"libssh"; within:20; threshold: type both, count 5, seconds 30, track by_src; classtype:attempted-admin; reference:url,doc.emergingthreats.net/2006546; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_SSH_Brute_Force; sid:2006546; rev:5;)

</h2>

Added 2009-02-12 18:21:19 UTC


 
 <hr>
 


 <h2>
 

alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack!"; flow:established,to_server; content:"SSH-"; content:"libssh"; within:20; threshold: type both, count 5, seconds 30, track by_src; classtype:attempted-admin; sid:2006546; rev:4;)

</h2>

Added 2008-06-06 20:49:04 UTC


 
 <hr>
 


 <h2>
 

alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack!"; flow:established,to_server; content:"SSH-"; content:"libssh"; within:20; threshold: type both, count 5, seconds 30, track by_src; classtype:attempted-admin; sid:2006546; rev:4;)

</h2>

Added 2008-06-06 20:49:04 UTC


 
 <hr>
 


 <h2>
 

alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN LibSSH Based Frequent SSH Connections -- Likely BruteForce Attack!"; flow:established,to_server; content:"SSH-"; content:"libssh"; within:20; threshold: type both, count 5, seconds 30, track by_src; classtype:attempted-admin; sid:2006546; rev:3;)

</h2>

Added 2008-03-26 19:08:25 UTC


 
 <hr>
 


 <h2>
 

alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN LibSSH Based Frequent SSH Connections -- Likely BruteForce Attack!"; flow:established,to_server; content:"SSH-"; content:"libssh"; within:20; threshold: type both, count 5, seconds 30, track by_src; classtype:attempted-admin; sid:2006546; rev:3;)

</h2>

Added 2008-03-26 19:08:25 UTC


 
 <hr>
 


 <h2>
 

alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN LibSSH Based Frequent SSH Connections -- Likely BruteForce Attack!"; flow:established,to_server; content:"SSH-"; content:"libssh"; within:20; threshold: type both, count 5, seconds 60, track by_src; classtype:attempted-admin; sid:2006546; rev:2;)

</h2>

Added 2008-01-29 10:56:40 UTC


 
 <hr>
 


 <h2>
 

alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"ET SCAN LibSSH Based Frequent SSH Connections -- Likely BruteForce Attack!"; flow:established,to_server; content:"SSH-"; content:"libssh"; within:20; threshold: type both, count 5, seconds 60, track by_src; classtype:attempted-admin; sid:2006546; rev:2;)

</h2>

Added 2008-01-29 10:56:40 UTC


 
 <hr>
 


 <h2>
 

alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"BLEEDING-EDGE SCAN LibSSH Based Frequent SSH Connections -- Likely BruteForce Attack!"; flow:established,to_server; content:"SSH-"; content:"libssh"; within:20; threshold: type both, count 5, seconds 60, track by_src; classtype:attempted-admin; sid:2006546; rev:1;)

</h2>

Added 2007-08-01 23:46:21 UTC


 
 
 <hr>
Topic revision: r2 - 2016-04-19 - RadoslavMilanov
Main
User Reference
ATasteOfTWiki
TextFormattingRules
Signature Reference
WebRss Feed
EmergingFAQ