[Snort-users] SSH brute force!

M. Shirk shirkdog_list at ...125...
Fri Sep 22 12:59:00 EDT 2006

Wrong list, this is a bleeding-snort issue.

It refers to a flow bit being set for ssh.brute.force, but never being 
cleared by any rule in your signature set.


>From: Zakai Kinan <titanyen2000 at ...131...>
>To: Snort Users <snort-users at lists.sourceforge.net>
>Subject: [Snort-users] SSH brute force!
>Date: Thu, 21 Sep 2006 16:01:45 -0700 (PDT)
>What does this warning mean?
>Warning: flowbits key 'ssh.brute.attempt' is set but
>not ever checked.  I don't get any ssh brute force
>attempts in logs.  I do see attempts in the server
>Do You Yahoo!?
>Tired of spam?  Yahoo! Mail has the best spam protection around
>Take Surveys. Earn Cash. Influence the Future of IT
>Join SourceForge.net's Techsay panel and you'll get the chance to share 
>opinions on IT & business topics through brief surveys -- and earn cash
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>Snort-users list archive:

Try the new Live Search today!  

More information about the Snort-users mailing list