[Snort-sigs] SSH brute force attack sig

Nigel Houghton nigel at ...435...
Thu Jul 7 08:36:16 EDT 2005


On  0, Matt Jonkman <matt at ...2436...> allegedly wrote:
> True, but we're still not able to use those events to respond or block.

You seem rather set on this course of action. I do not think that an
automated response to portscans is a very wise idea at all. But that's
just my $0.02.

> Nor can we set different thresholds for different ports or port ranges.

Interesting idea.

+--------------------------------------------------------------------+
     Nigel Houghton      Research Engineer       Sourcefire Inc.
                   Vulnerability Research Team

 I require a window seat and an inflight Happy Meal, and no pickles! 
 God help you if I find pickles!




More information about the Snort-sigs mailing list