[Bro] Bro detection scripts
johanna at icir.org
Mon Nov 28 14:54:37 PST 2016
Since the ftp bruteforcing / ssh password guessing scripts are policy
scripts, they are not loaded by default.

If you invoke bro via the command line, just add
protocols/ftp/detect-bruteforcing.bro to your command line. If you use
broctl, the ssh bruteforce detector should be loaded by default; you have
to add the ftp one to local.bro.

If the notices still do not show up afterwards, you might need to tweak
the thresholds of the different scripts.

I hope this helps,

On Mon, Nov 21, 2016 at 12:28:16AM +0200, abdulrahman musallam wrote:
> When I perform TCP port scanning on my machine, Bro raises a notice
> immediately to notice.log, and this notice is raised by the scan.bro script
> that detects scanning. Such scripts exist for FTP brute forcing and SSH
> password guessing, but when I perform any of these attacks (FTP brute
> forcing and SSH password guessing) it won't show anything in the notice log
> that indicates any occurrence of them!! Could someone please help me with
> this problem! HOW TO INVOKE BRO DETECTION SCRIPTS??
> Bro mailing list
> bro at bro-ids.org
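
An added example, not part of the original thread: a local.bro fragment that loads both detectors named in the reply and lowers their thresholds so the notices fire during a small lab test. The option names are the ones the two Bro 2.x policy scripts export; the values chosen here and the interface name in the comment are assumptions for illustration.

```bro
# local.bro additions (added example; threshold values are constructed for a lab)

# Policy scripts are not loaded by default, so load them explicitly.
# With broctl the SSH detector is normally already in local.bro; a repeated
# @load of the same script is harmless.
@load protocols/ftp/detect-bruteforcing
@load protocols/ssh/detect-bruteforcing

# FTP::Bruteforcing is raised once a single client exceeds this many failed
# logins within the measurement interval (shipped default: 20 in 15 mins).
redef FTP::bruteforce_threshold = 5.0;
redef FTP::bruteforce_measurement_interval = 5mins;

# SSH::Password_Guessing is raised once a single client exceeds this many
# failed logins within the timeout (shipped default: 30 in 30 mins).
redef SSH::password_guesses_limit = 5.0;
redef SSH::guessing_timeout = 10mins;

# Without broctl, the same scripts can be named on the command line instead,
# as the reply describes (eth0 is an assumed interface name):
#   bro -i eth0 local protocols/ftp/detect-bruteforcing
```

After editing local.bro under broctl, run `broctl deploy` so the running instance picks up the change, then look for `FTP::Bruteforcing` and `SSH::Password_Guessing` in notice.log.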