[Snort-sigs] ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack

wkitty42 at ...3507... wkitty42 at ...3507...
Mon Feb 29 12:37:23 EST 2016


On 02/29/2016 08:08 AM, ARUN LAL wrote:
> Currently we are facing BruteForce Attack from server IP's to our server and
> our IP tables didn't block any IP. Could you please suggest in which rule i
> need to add in the snort(Please mention config file).

there is no way to suggest anything without /any/ data to work with... have you 
read the FAQ? specifically the section about the mailing lists and how to get 
answers to your questions??

   https://www.snort.org/faq

-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.




More information about the Snort-sigs mailing list