Scribd
Upload
73 views1 page

Snort Rule for SSH Alert Setup

The snort rule was created in the local.rules file during setup to alert on any TCP connection from an external network to port 22 on the home network, with the message "SSH connection attempt" and a sid of 19559. When tested, the rule triggered as expected.

Uploaded by

api-393275254
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
73 views1 page

Snort Rule for SSH Alert Setup

The snort rule was created in the local.rules file during setup to alert on any TCP connection from an external network to port 22 on the home network, with the message "SSH connection attempt" and a sid of 19559. When tested, the rule triggered as expected.

Uploaded by

api-393275254
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 1

The snort rule was created in the local.rules file created during the setup.

The command was alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:“SSH
connection attempt”; sid:19559; rev:1;)
When tested the following occurred:

You might also like