Snort mailing list archives
More Info - brut force attack not detected
From: Anthony Geoffron <anthonyg () passinglane com>
Date: Thu, 26 Jul 2001 15:53:37 -0700
Actually my snort is setup as a firewall So I can see the packet coming. I was thinking about a simple brut force attack against an http access. Even it's old school... :) I was surprise that my snort did not see it. By the way, I can see how to design rules to block specific request Is there a way when you design rules to detect repetitive unusual attempt Anthony -----Original Message----- From: John Berkers [mailto:berjo () ozemail com au] Sent: Thursday, July 26, 2001 6:02 AM To: 'Anthony Geoffron'; snort-users () lists sourceforge net Subject: RE: [Snort-users] brut force attack not detected At the risk of sounding repetative (this has been discussed a few times on this list), is your snort box plugged into a switch? If so, make sure the port is configured as a monitor port. Also, what exactly is a "brute force" attack. Do you know if it actually matches one of the signatures? Regards, John Berkers berjo () ozemail com au -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Anthony Geoffron Sent: Thursday, 26 July 2001 16:23 To: snort-users () lists sourceforge net Subject: [Snort-users] brut force attack not detected I installed snort 1.8 release everything 's working great but. When I'm doing a brut force attack on my server nothing is detected. I installed the last rules available on snort.org since it's a basic attack I was thinking it would have been coverer with one of the rules. Am I missing something? thks Anthony. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- More Info - brut force attack not detected Anthony Geoffron (Jul 26)