🐾 - 🚨 Suspicious 👀 non SSH trafic on usual SSH port - Suricata Rule 3300306 (pawpatrules)

🐾 - 🚨 Suspicious 👀 non SSH trafic on usual SSH port

SID: 3300306Rev: 51 views

Sourcepawpatrules

CreatedFebruary 11, 2022

UpdatedJune 15, 2022

Classificationpolicy-violation

alert tcp any any -> any [22,830] (msg:"🐾 - 🚨 Suspicious 👀 non SSH trafic on usual SSH port"; flow:to_server, stateless; app-layer-protocol:!ssh; threshold:type limit, track by_src, seconds 60, count 1; reference:url,https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers; metadata:created_at 2022_02_11, updated_at 2022_06_15; sid:3300306; rev:5; classtype:policy-violation;)

References

url	https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Metadata

created at2022_02_11

updated at2022_06_15

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!