We have a very simple alert for SSH Scans:

Filter: dst port 22
Conditions based on total flow summary: Total flows > 500

Can be improved but works ;-).

On Tuesday 02 September 2008 17:28:00 Donnelly, Michael (OFT) wrote:
> I was wondering if anyone has any creative or interesting alerts
> they would be willing to share with the list?
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
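The alert logic from the message above, as an added example that is not part of the original post: it applies the `dst port 22` filter and the `Total flows > 500` condition to constructed flow records, then adds a per-source breakdown for triage. The 5-minute evaluation window, the tuple layout, the sample addresses and the per-source breakdown are assumptions of this example.

```python
from collections import defaultdict

THRESHOLD = 500   # "Total flows > 500" from the alert
INTERVAL = 300    # assumed evaluation window in seconds

def make_flows():
    """Constructed sample flows: (start_ts, src_ip, dst_ip, dst_port)."""
    flows = []
    # Window 0: ordinary traffic, 40 SSH sessions and 300 HTTPS flows.
    for i in range(40):
        flows.append((i * 7, f"10.0.0.{i % 10 + 1}", "192.0.2.10", 22))
    for i in range(300):
        flows.append((i, f"10.0.1.{i % 50 + 1}", "192.0.2.20", 443))
    # Window 1: one source touches 600 distinct addresses on port 22,
    # alongside 10 ordinary SSH sessions.
    for i in range(600):
        flows.append((300 + i // 3, "203.0.113.5",
                      f"10.20.{i // 250}.{i % 250 + 1}", 22))
    for i in range(10):
        flows.append((300 + i * 5, f"10.0.0.{i + 1}", "192.0.2.10", 22))
    return flows

def evaluate(flows):
    """Apply the filter and the flow-count condition per window."""
    per_window = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == 22:                      # Filter: dst port 22
            per_window[ts // INTERVAL].append((src, dst))
    alerts = []
    for window in sorted(per_window):
        matched = per_window[window]
        if len(matched) <= THRESHOLD:        # Condition: total flows > 500
            continue
        # Added triage detail (not part of the alert): which source
        # reached the most distinct destinations in this window.
        targets = defaultdict(set)
        for src, dst in matched:
            targets[src].add(dst)
        top_src = max(targets, key=lambda s: len(targets[s]))
        alerts.append({"window": window, "flows": len(matched),
                       "top_src": top_src,
                       "distinct_dsts": len(targets[top_src])})
    return alerts

if __name__ == "__main__":
    for alert in evaluate(make_flows()):
        print(alert)
```

Because the condition counts all flows matching the filter, a window with exactly 500 matching flows does not alert, and a busy SSH server can trip it without any scan; the distinct-destination count per source helps tell the two apart.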