[Snort-sigs] SSH brute force attack sig

Jeff Kell jeff-kell at ...922...
Thu Jul 7 08:40:58 EDT 2005


Matt Jonkman wrote:
> True, but we're still not able to use those events to respond or block.
> Nor can we set different thresholds for different ports or port ranges.

And P2P searches drive sfportscan nuts, making it essentially useless here.

Jeff





More information about the Snort-sigs mailing list