[Snort-users] SNORT Rule for netbios brute force break-in
Robert.Caplan at ...11183...
Wed Feb 11 09:15:22 EST 2004
My network administrators are constantly flooded with requests to reset Windows accounts which have been locked out because of brute force/dictionary breakin accounts on the netbios port. Intrudors are able to enumerate the usernames and by brute force attempt to gain access. Does anyone know of a Snort rule which will detect this behavior?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users