Snort mailing list archives
Re: brute force
From: waldo kitty <wkitty42 () windstream net>
Date: Mon, 24 Jun 2013 12:15:32 -0400
On 6/23/2013 17:41, Balla István wrote:
Hello, I have a question about how Snort detects and prevent brute force attacks. E.g.: I use hydra to bruteforce a remote SSH server knowing the username and going thru a list of possible pwds.
rules would be written either with thresholds built into them or one would use the threshold.conf file on those rules... this to be able to quantify the number of attempts within X period of time... -- NOTE: No off-list assistance is given without prior approval. Please keep mailing list traffic on the list unless private contact is specifically requested and granted. ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- brute force Balla István (Jun 24)
- Re: brute force waldo kitty (Jun 24)