[Snort-sigs] Using snort to stop SMTP dictionary attacks
hackerwacker at ...1558...
Wed Jun 4 16:55:10 EDT 2003
My experience with dictionary attacks is they come at a great rate of speed.
They are also launched for other people's servers. So resetting will be a lot of
packets & unless the placement of the Snort box is ideal you will need
RSTs back to your mail server, also. A lot of packets.
Consider Snort in line; however, it is up to you to write a rule that can fire
on a dictionary attack.
We use the Postini service for this.