Snort mailing list archives

SNORT Rule for netbios brute force break-in

From: "Robert Caplan" <rjc7001 () dbmi columbia edu>
Date: Wed, 11 Feb 2004 09:57:10 -0500

My network administrators are constantly flooded with requests to reset Windows accounts which have been locked out 
because of brute force/dictionary breakin accounts on the netbios port.  Intrudors are able to enumerate the usernames 
and by brute force attempt to gain access.  Does anyone know of a Snort rule which will detect this behavior?

Thanks,

Robert Caplan

Current thread:

SNORT Rule for netbios brute force break-in Robert Caplan (Feb 11)
- <Possible follow-ups>
- RE: SNORT Rule for netbios brute force break-in Shaffer, Paul D (Feb 11)
- SNORT Rule for netbios brute force break-in Robert Caplan (Feb 11)
- RE: SNORT Rule for netbios brute force break-in larosa, vjay (Feb 11)
  - Base 64 encoding phorvati (Mar 04)