Re: [Snort-users] SSH brute force!
This is a discussion on Re: [Snort-users] SSH brute force! within the Snort forums, part of the System Security and Security Related category; Wrong list, this is a bleeding-snort issue. It refers to a flow bit being set for ssh.brute.force, ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
09-22-2006
|
|||
|
|||
Re: [Snort-users] SSH brute force!
Wrong list, this is a bleeding-snort issue.
It refers to a flow bit being set for ssh.brute.force, but never being cleared by any rule in your signature set. Shirkdog http://www.shirkdog.us >From: Zakai Kinan <titanyen2000@yahoo.com> >To: Snort Users <snort-users@lists.sourceforge.net> >Subject: [Snort-users] SSH brute force! >Date: Thu, 21 Sep 2006 16:01:45 -0700 (PDT) > >What does this warning mean? > >Warning: flowbits key 'ssh.brute.attempt' is set but >not ever checked. I don't get any ssh brute force >attempts in logs. I do see attempts in the server >logs. > > >TIA, > > >ZK > >_________________________________________________ _ >Do You Yahoo!? >Tired of spam? Yahoo! Mail has the best spam protection around >http://mail.yahoo.com > >------------------------------------------------------------------------- >Take Surveys. Earn Cash. Influence the Future of IT >Join SourceForge.net's Techsay panel and you'll get the chance to share >your >opinions on IT & business topics through brief surveys -- and earn cash >http://www.techsay.com/default.php?p...rge&CID=DEVDEV >_______________________________________________ >Snort-users mailing list >Snort-users@lists.sourceforge.net >Go to this URL to change user options or unsubscribe: >https://lists.sourceforge.net/lists/...fo/snort-users >Snort-users list archive: >http://www.geocrawler.com/redir-sf.p...st=snort-users __________________________________________________ _______________ Try the new Live Search today! http://imagine-windowslive.com/minis...us&FORM=WLMTAG ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?p...rge&CID=DEVDEV _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 05:52 PM.
