Snort mailing list archives
Re: Writing a rule for Brute force attacks
From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 10 Mar 2003 13:31:07 -0500
I don't think I can write such a rule offhand, however the tagging feature of newer versions of SpamAssassin should in theory let you do things like this.
Since this is a relatively new SA feature, I don't have a lot of experience working with it. I'm more handy with the "classic" types of snort rules, which match a single packet to a pattern.
At 12:53 AM 3/10/2003 +0800, Daniel Ng wrote:
Hi all, is there a way to write a rule that is able to consolidate and detect a few hundred SNMP brute force attacks as one??? Could you kindly list it out for me? thanks...
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Writing a rule for Brute force attacks Daniel Ng (Mar 09)
- Re: Writing a rule for Brute force attacks Matt Kettler (Mar 10)