[Snort-sigs] Using snort to stop SMTP dictionary attacks]

james hackerwacker at ...1558...
Wed Jun 4 16:55:10 EDT 2003


My experience with dictionary attacks is they come at a great rate of speed.
They are also launched for other peoples servers. So resetting will be a lot of
packets & unless the placement of the of the Snort box is ideal you will need
RST's back to your mail server, also. A lot o packets.

Consider Snort in line, however, it is up to you to write a rule that can fire
on a dictionary attack.

We use the Postini service for this.

james




More information about the Snort-sigs mailing list