next up previous contents
Next: DNS Up: SSH Previous: Configuration   Contents

Example Configuration from snort.conf

Looks for attacks on SSH server port 22. Alerts at 19600 unacknowledged bytes within 20 encrypted packets for the Challenge-Response Overflow/CRC32 exploits. 

    preprocessor ssh: \
        server_ports { 22 } \
        max_client_bytes 19600 \
        max_encrypted_packets 20 \
        enable_respoverflow \
        enable_ssh1crc32


Eugene Misnik 2013-05-08