Re: Invalid login attempts

[Anshuman Anil Deshmukh <anshuman () cybage com>]

Haven't received any reply on this.  I request experts to comment on this.



Thanks.



Regards,

Anshuman



From: Anshuman Anil Deshmukh [mailto:anshuman () cybage com]
Sent: Thursday, March 27, 2014 11:42 PM
To: snort-users () lists sourceforge net; emerging-sigs () emergingthreats net; emerging-sigs () lists emergingthreats 
net
Subject: [Snort-users] Invalid login attempts



Hi,



We are having a Snort test setup.  We are using free set of signatures (from Snort & ET) with Snort version 2.9.5 GRE - 
Build 103. Signatures were recently updated say 3-4 days before. We are updating signatures using the pre-defined rule 
set "Security" (Security over connectivity).



We have one question regarding detection of invalid login attempts for Sonicwall. Does Snort has signatures for 
detecting invalid login attempts to a SonicWall SSL VPN box (say for invalid login attempts while connecting to the VPN 
or somebody trying to bruteforcing the VPN box for admin credentials, both)? If yes, are signatures for it available in 
free set of signatures from Snort & ET? This question is because recently we have observed that Snort running with 
these signatures was unable to detect these activities.



Please let me know if there is any other information needed from my side for you to answer the said question.



Thanks.



Regards,

Anshuman




"Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private Limited 
which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to be for 
the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this 
message is strictly prohibited. If you have received this electronic message in error please notify the sender by reply 
e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to minimize the 
risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of any malicious 
content in this e-mail. You should carry out your own malicious content checks before opening the e-mail or 
attachment." www.cybage.com<http://www.cybage.com>



"Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private Limited 
which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to be for 
the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this 
message is strictly prohibited. If you have received this electronic message in error please notify the sender by reply 
e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to minimize the 
risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of any malicious 
content in this e-mail. You should carry out your own malicious content checks before opening the e-mail or 
attachment." 
www.cybage.com

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!