[Snort-users] SNORT Rule for netbios brute force break-in

Robert Caplan rjc7001 at ...11183...
Wed Feb 11 07:45:05 EST 2004


My network administrators are constantly flooded with requests to reset Windows accounts which have been locked out because of brute force/dictionary breakin accounts on the netbios port.  Intrudors are able to enumerate the usernames and by brute force attempt to gain access.  Does anyone know of a Snort rule which will detect this behavior?

Thanks,

Robert Caplan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040211/f7f81cc9/attachment.html>


More information about the Snort-users mailing list