[Snort-sigs] SSH brute force attack sig

Paul Schmehl pauls at ...1311...
Thu Jul 7 08:56:00 EDT 2005


--On Thursday, July 07, 2005 11:37:34 -0400 Jeff Kell <jeff-kell at ...922...> 
wrote:

> Matt Jonkman wrote:
>> True, but we're still not able to use those events to respond or block.
>> Nor can we set different thresholds for different ports or port ranges.
>
> And P2P searches drive sfportscan nuts, making it essentially useless
> here.
>
Ditto.  We don't monitor any portscans at all, because we get those 
routinely and constantly.  And as Russell said, we've focused on certain 
things - our population of "curious" and/or clueless stud^H^H^H^Hpeople.

Paul Schmehl (pauls at ...1311...)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/



