Home page logo
/

snort logo Snort mailing list archives

Re: brute force
From: waldo kitty <wkitty42 () windstream net>
Date: Mon, 24 Jun 2013 12:15:32 -0400

On 6/23/2013 17:41, Balla István wrote:
Hello,

I have a question about how Snort detects and prevent brute force attacks.
E.g.: I use hydra to bruteforce a remote SSH server knowing the username and
going thru a list of possible pwds.

rules would be written either with thresholds built into them or one would use 
the threshold.conf file on those rules... this to be able to quantify the number 
of attempts within X period of time...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
  • brute force Balla István (Jun 24)
    • Re: brute force waldo kitty (Jun 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]