[Snort-sigs] Trouble in triggering the snort rule to detect FTP Brute Force attack

evilghost at ...3397... evilghost at ...3397...
Mon Apr 12 10:18:51 EDT 2010

Nothing in what Manju said could I even loosely interpret as a homework 
question.  I'm not going to take this thread off-topic but Nigel's 
response was unprofessional, unwarranted, and certainly not something I 
would construe as being in alignment with the rationale behind the 
snort-sigs discussion list to begin with.

It seems to me that Manju asked a legitimate question and was getting 
some good help then Nigel came in and adding nothing but accusations.  I 
guess he had a bad weekend and felt the need to lash out.  Perhaps he 
couldn't source an iPad after long hours of camping out.


Joel Esler wrote:
> On Apr 12, 2010, at 9:54 AM, "evilghost at ...3397..." <evilghost at ...3397...> wrote:
>>> This looks suspiciously like a question from a student on a course
>>> that includes Snort in it. i.e. A contrived situation.
>>> The answers you seek are in the snort manual, the README files and the
>>> many other sources of information on the Internet.
>> Manjushree just try not to put too much faith in the manual since it 
>> seems like it was a task assigned to a student in a course that includes 
>> Snort and the student was ESL.
> Evilghost, we get the same series of questions every year, and the professors of these classes appreciate it when we don't specifically provide the answer.
> As for the manual, we are going to be taking a look at that in the upcoming timeframe and really trying to make it as best as we can, until then, please continue to provide the little things like colons and spaces in the wrong places. That helps. 
> J 

More information about the Snort-sigs mailing list