[Bro] SSH login brute force

Adayadil Thomas adayadil.thomas at gmail.com
Thu Jun 11 08:48:58 PDT 2009

Thanks for the info, Seth

Can you point me to any info/document/link that you may have used for
your approach.
for e.g. about how you set
authentication_data_size = 5500

I am trying to understand how a brute force attempt can be
distinguished from a normal
client server communication since both are encrypted?

On Thu, Jun 11, 2009 at 11:29 AM, Seth Hall <hall.692 at osu.edu> wrote:
> On Jun 11, 2009, at 10:38 AM, Adayadil Thomas wrote:
>> Does bro detect SSH brute force login attempts?
> My ssh-ext.bro script at the following link does, but it could certainly be improved.
> http://github.com/sethhall/bro_scripts/tree/master
>  .Seth
> ---
> Seth Hall
> Network Security - Office of the CIO
> The Ohio State University
> Phone: 614-292-9721

More information about the Bro mailing list