Snort mailing list archives

RE: Are there any rules out there to alert for a THC-Hydra scan?


From: Steve Halligan <shalligan () 333tech com>
Date: Tue, 25 Mar 2003 09:47:16 -0600


I ran across a program from www.thehackerschoice.com (hydra)
and am inquiring as to whether Snort will pick up any 
malicious activity from this password-cracking tool? 

Brute forcing user/password combos looks exactly like a user actually
trying to log in, except with a huge increase in volume.  Since Snort,
at this point, does not have the ability to put thresholds into rules
(i.e., only alert if there are x rule matches in y time), the only way to
alert on something like this would be to alert on ALL failed user login
attempts.

What a failed user login attempt looks like, and therefore what the rule
would look like, depends on your system/services/setup.
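
The "x matches in y time" thresholding mentioned in the reply, applied to failed-login events per source address, as an added example (not code from the original post or from Snort). The log line format, the function names and the threshold values are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events. Assumed format: ISO time, result, user, source IP.
SAMPLE_LOG = """\
2003-03-25T09:40:00 FAIL alice 192.0.2.10
2003-03-25T09:40:20 OK alice 192.0.2.10
2003-03-25T09:41:00 FAIL root 198.51.100.7
2003-03-25T09:41:01 FAIL admin 198.51.100.7
2003-03-25T09:41:02 FAIL test 198.51.100.7
2003-03-25T09:41:03 FAIL guest 198.51.100.7
2003-03-25T09:41:04 FAIL oracle 198.51.100.7
2003-03-25T09:41:05 FAIL backup 198.51.100.7
2003-03-25T09:45:00 FAIL bob 192.0.2.10
2003-03-25T09:50:00 FAIL bob 192.0.2.10
"""

def parse(line):
    """Split one event line into (timestamp, result, user, source)."""
    ts, result, user, src = line.split()
    return datetime.fromisoformat(ts), result, user, src

def detect_bruteforce(lines, max_failures=5, window=timedelta(seconds=60)):
    """Return (source, alert_time, count) each time a source reaches
    max_failures failed logins inside a sliding window."""
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    quiet_until = {}              # source -> time before which alerts are suppressed
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, result, _user, src = parse(line)
        if result != "FAIL":
            continue              # a single failure is indistinguishable from a typo
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop failures that fell out of the window
        if len(q) >= max_failures and quiet_until.get(src, datetime.min) <= ts:
            alerts.append((src, ts, len(q)))
            quiet_until[src] = ts + window   # one alert per window per source
    return alerts

if __name__ == "__main__":
    for src, when, count in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"{when.isoformat()} {src}: {count} failed logins within 60s")
```

The occasional failures from 192.0.2.10 stay below the threshold, while the burst from 198.51.100.7 produces a single alert.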

