[Snort-users] SSH brute force!

M. Shirk shirkdog_list at ...125...
Fri Sep 22 12:59:00 EDT 2006


Wrong list, this is a bleeding-snort issue.

It refers to a flow bit being set for ssh.brute.force, but never being 
cleared by any rule in your signature set.

Shirkdog
http://www.shirkdog.us




>From: Zakai Kinan <titanyen2000 at ...131...>
>To: Snort Users <snort-users at lists.sourceforge.net>
>Subject: [Snort-users] SSH brute force!
>Date: Thu, 21 Sep 2006 16:01:45 -0700 (PDT)
>
>What does this warning mean?
>
>Warning: flowbits key 'ssh.brute.attempt' is set but
>not ever checked.  I don't get any ssh brute force
>attempts in logs.  I do see attempts in the server
>logs.
>
>
>TIA,
>
>
>ZK
>
>__________________________________________________
>Do You Yahoo!?
>Tired of spam?  Yahoo! Mail has the best spam protection around
>http://mail.yahoo.com
>
>-------------------------------------------------------------------------
>Take Surveys. Earn Cash. Influence the Future of IT
>Join SourceForge.net's Techsay panel and you'll get the chance to share 
>your
>opinions on IT & business topics through brief surveys -- and earn cash
>http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users

_________________________________________________________________
Try the new Live Search today!  
http://imagine-windowslive.com/minisites/searchlaunch/?locale=en-us&FORM=WLMTAG





More information about the Snort-users mailing list