[Snort-sigs] Trouble in triggering the snort rule to detect FTP Brute Force attack

Joel Esler joel.esler at ...3366...
Mon Apr 12 10:13:19 EDT 2010

On Apr 12, 2010, at 9:54 AM, "evilghost at ...3397..." <evilghost at ...3397...> wrote:

>> This looks suspiciously like a question from a student on a course
>> that includes Snort in it. i.e. A contrived situation.
>> The answers you seek are in the snort manual, the README files and the
>> many other sources of information on the Internet.
> Manjushree just try not to put too much faith in the manual since it 
> seems like it was a task assigned to a student in a course that includes 
> Snort and the student was ESL.

Evilghost, we get the same series of questions every year, and the professors of these classes appreciate it when we don't specifically provide the answer.

As for the manual, we are going to be taking a look at that in the upcoming timeframe and really trying to make it as best as we can, until then, please continue to provide the little things like colons and spaces in the wrong places. That helps. 


More information about the Snort-sigs mailing list