Snort mailing list archives

ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack

From: ARUN LAL <arunlal7701 () gmail com>
Date: Mon, 29 Feb 2016 18:38:04 +0530

Hi All,


Currently we are facing BruteForce Attack from server IP's to our server
and our IP tables didn't block any IP. Could you please suggest in which
rule i need to add in the snort(Please mention config file).

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack ARUN LAL (Feb 29)
- Re: ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack wkitty42 (Feb 29)