Snort mailing list archives
Re: ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack
From: wkitty42 () windstream net
Date: Mon, 29 Feb 2016 12:37:23 -0500
On 02/29/2016 08:08 AM, ARUN LAL wrote:
Currently we are facing BruteForce Attack from server IP's to our server and our IP tables didn't block any IP. Could you please suggest in which rule i need to add in the snort(Please mention config file).
there is no way to suggest anything without /any/ data to work with... have you read the FAQ? specifically the section about the mailing lists and how to get answers to your questions?? https://www.snort.org/faq -- NOTE: No off-list assistance is given without prior approval. *Please keep mailing list traffic on the list* unless private contact is specifically requested and granted. ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack ARUN LAL (Feb 29)
- Re: ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack wkitty42 (Feb 29)