Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Writing a rule for Brute force attacks

From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 10 Mar 2003 13:31:07 -0500
I don't think I can write such a rule offhand, however the tagging feature of newer versions of SpamAssassin should in theory let you do things like this.
Since this is a relatively new SA feature, I don't have a lot of experience working with it. I'm more handy with the "classic" types of snort rules, which match a single packet to a pattern. 

At 12:53 AM 3/10/2003 +0800, Daniel Ng wrote:
Hi all, is there a way to write a rule that is able to consolidate and detect a few hundred SNMP brute force attacks as one??? Could you kindly list it out for me? thanks... 



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: