[Snort-sigs] SSH brute force attack sig
pauls at ...1311...
Thu Jul 7 08:56:00 EDT 2005
--On Thursday, July 07, 2005 11:37:34 -0400 Jeff Kell <jeff-kell at ...922...>
> Matt Jonkman wrote:
>> True, but we're still not able to use those events to respond or block.
>> Nor can we set different thresholds for different ports or port ranges.
> And P2P searches drive sfportscan nuts, making it essentially useless
Ditto. We don't monitor any portscans at all, because we get those
routinely and constantly. And as Russell said, we've focused on certain
things - our population of "curious" and/or clueless stud^H^H^H^Hpeople.
Paul Schmehl (pauls at ...1311...)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
More information about the Snort-sigs