Snort mailing list archives
Re: Brute force attacks
From: Jose Maria Lopez <jkerouac () bgsec com>
Date: 15 Jan 2005 23:20:10 +0100
On Sat, 15 Jan 2005 at 08:45, David Jiménez Domínguez wrote:
> Hi list!!!! Could somebody help me.... How do I configure snort (2.2.0 or 2.3) in order to detect brute force attacks against services like ssh, telnet or mysql??? Thanks
I don't think you can use snort to detect these kinds of attacks, because they are seen by the IPS as normal connections if they are made in a not very quick pattern. You could use rate limiting rules with iptables for these ports to stop very quick attacks with lots of dictionary attacks, or maybe the -m recent iptables feature can be useful to you. But at least I don't know the way to detect or stop these attacks with snort.

Regards.

--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac () bgsec com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
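The `-m recent` approach mentioned in the reply above, written out as an added example (not part of the original message or of any poster's configuration). The ports are the services named in the question; the 60-second window, the hit count of 4, the list names and the log prefix are assumptions.

```shell
#!/bin/sh
# Added example (constructed): per-source throttling of NEW TCP connections
# using the iptables "recent" match. Window, hit count and names are assumptions.

# Dry-run by default: the commands are printed, not executed.
# Run with IPT=iptables (as root) to load the rules.
IPT="${IPT:-echo iptables}"

# throttle_port PORT SECONDS HITS
# Drops a source once it has opened HITS new connections to PORT within SECONDS.
throttle_port() {
    port=$1 seconds=$2 hits=$3
    list="bf_${port}"    # one tracking list per service (hypothetical name)

    # 1. Record the source address of every new connection to the port.
    $IPT -A INPUT -p tcp --dport "$port" -m state --state NEW \
        -m recent --name "$list" --set

    # 2. Log sources over the threshold (--rcheck leaves the entry unchanged).
    $IPT -A INPUT -p tcp --dport "$port" -m state --state NEW \
        -m recent --name "$list" --rcheck --seconds "$seconds" --hitcount "$hits" \
        -j LOG --log-prefix "bruteforce-$port: "

    # 3. Drop them; --update refreshes the entry, so a source that keeps
    #    retrying stays blocked until it has been quiet for the whole window.
    $IPT -A INPUT -p tcp --dport "$port" -m state --state NEW \
        -m recent --name "$list" --update --seconds "$seconds" --hitcount "$hits" \
        -j DROP
}

# The three services from the question: ssh, telnet, mysql.
throttle_services() {
    for p in 22 23 3306; do
        throttle_port "$p" 60 4
    done
}

throttle_services
```

As the reply says, a source that connects more slowly than the threshold still passes these rules, so they only address fast dictionary runs.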
Current thread:
- Brute force attacks David Jiménez Domínguez (Jan 15)
- Re: Brute force attacks Jose Maria Lopez (Jan 15)
- Re: Brute force attacks James Riden (Jan 15)
- Re: Brute force attacks Jose Maria Lopez (Jan 17)
- ISS vs Snort Theodore Stout (Jan 17)
- Re: Brute force attacks Jose Maria Lopez (Jan 17)