Snort mailing list archives
SNORT Rule for netbios brute force break-in
From: "Robert Caplan" <Robert.Caplan () dbmi columbia edu>
Date: Wed, 11 Feb 2004 09:53:14 -0500
My network administrators are constantly flooded with requests to reset Windows accounts which have been locked out because of brute force/dictionary breakin accounts on the netbios port. Intrudors are able to enumerate the usernames and by brute force attempt to gain access. Does anyone know of a Snort rule which will detect this behavior? Thanks, Robert Caplan
Current thread:
- SNORT Rule for netbios brute force break-in Robert Caplan (Feb 11)
- <Possible follow-ups>
- RE: SNORT Rule for netbios brute force break-in Shaffer, Paul D (Feb 11)
- SNORT Rule for netbios brute force break-in Robert Caplan (Feb 11)
- RE: SNORT Rule for netbios brute force break-in larosa, vjay (Feb 11)
- Base 64 encoding phorvati (Mar 04)