[Snort-users] brute force

waldo kitty wkitty42 at ...14940...
Mon Jun 24 12:15:32 EDT 2013

On 6/23/2013 17:41, Balla István wrote:
> Hello,
> I have a question about how Snort detects and prevent brute force attacks.
> E.g.: I use hydra to bruteforce a remote SSH server knowing the username and
> going thru a list of possible pwds.

rules would be written either with thresholds built into them or one would use 
the threshold.conf file on those rules... this to be able to quantify the number 
of attempts within X period of time...

NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

More information about the Snort-users mailing list