[Bro] Notice.log logs a Password_Guessing attempt but no logs in conn.log
fatema.bannatwala at gmail.com
Fri Jul 1 14:28:49 PDT 2016
So I had a weird situation at work today.
The notice.log file logged an IP for "SSH::Password_Guessing" with the note
"188.8.131.52 appears to be guessing SSH passwords (seen in 53 connections)".
But when I check the conn.log file for that time period and grep for that IP, I
just see a single established SSH connection from that IP. I was expecting to
get 53 bad SSH connections logged in the conn.log file.
What am I missing here?
How can I confirm whether that IP was actually doing a SSH password