Snort mailing list archives

Re: Brute force attacks


From: Jose Maria Lopez <jkerouac () bgsec com>
Date: 15 Jan 2005 23:20:10 +0100

On Sat, 15 Jan 2005 at 08:45, David Jiménez Domínguez wrote:
> Hi list!!!!
>
> Could somebody help me.... How do I configure snort (2.2.0 or 2.3) in
> order to detect brute force attacks against services like ssh, telnet
> or mysql???
>
> Thanks

I don't think you can use snort to detect this kind of attack, because
they are seen by the IPS as normal connections if they are not made in a
very quick pattern. You could use rate limiting rules with iptables for
these ports to stop very quick attacks with lots of dictionary attacks, or
maybe the -m recent iptables feature can be useful to you. But at least
I don't know a way to detect or stop these attacks with snort.

Regards.

-- 
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac () bgsec com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
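
The iptables `-m recent` approach mentioned in the reply above, as an added example that is not part of the original message: a small generator that prints per-service rule pairs for review without touching the running firewall. The 60-second window, the hit count of 4, the INPUT chain and the list names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print iptables "-m recent" rules that throttle new TCP
# connections per source address. Output is text only; nothing is applied.

# True when $1 is a non-empty string of digits.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
}

# gen_recent_rules SECONDS HITCOUNT NAME:PORT [NAME:PORT ...]
gen_recent_rules() {
    if [ "$#" -lt 3 ]; then
        echo "usage: gen_recent_rules SECONDS HITCOUNT NAME:PORT..." >&2
        return 1
    fi
    seconds=$1
    hitcount=$2
    shift 2
    is_uint "$seconds" && is_uint "$hitcount" || {
        echo "seconds and hitcount must be integers" >&2
        return 1
    }
    # The recent match keeps 20 packets per source by default
    # (module parameter ip_pkt_list_tot); a larger --hitcount is rejected.
    if [ "$hitcount" -lt 1 ] || [ "$hitcount" -gt 20 ]; then
        echo "hitcount must be between 1 and 20" >&2
        return 1
    fi
    for spec in "$@"; do
        name=${spec%%:*}
        port=${spec##*:}
        if ! is_uint "$port" || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port in '$spec'" >&2
            return 1
        fi
        match="-p tcp --dport $port -m state --state NEW -m recent --name $name"
        # Rule 1 records the source address of every new connection.
        echo "iptables -A INPUT $match --set"
        # Rule 2 drops once the source reaches HITCOUNT new connections
        # inside the window; --update also refreshes its last-seen time.
        echo "iptables -A INPUT $match --update --seconds $seconds --hitcount $hitcount -j DROP"
    done
}

# The three services named in the question, with assumed limits.
gen_recent_rules 60 4 ssh:22 telnet:23 mysql:3306
```

The two rules for a port must stay in this order, and they belong before any rule that accepts new connections to that port.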


