I am trying to convert this snort sig and would like to shun the attacker. alert tcp any any -> $HOME_NET 22 (msg:"BLEEDING-EDGE Potential SSH Brute Force Attack"; flow:to_server,established; flags:S; threshold:type limit, track by_src, count 5, seco...