[Bro] SSH login brute force

Seth Hall hall.692 at osu.edu
Thu Jun 11 10:50:05 PDT 2009

On Jun 11, 2009, at 1:44 PM, Seth Hall wrote:

> Recently, I've been looking through some SSH traces trying to find a
> more refined heuristic because if someone logs in and then logs out
> again right away, it's likely the server will cross the byte count
> threshold and a successful connection will be marked as unsuccessful.

Oops, make that "...will *not* cross the byte count..."


More information about the Bro mailing list