[Bro] SSH login brute force
Adayadil Thomas
adayadil.thomas at gmail.com
Thu Jun 11 08:48:58 PDT 2009
Thanks for the info, Seth
Can you point me to any info/document/link that you may have used for
your approach.
for e.g. about how you set
authentication_data_size = 5500
I am trying to understand how a brute force attempt can be
distinguished from a normal
client server communication since both are encrypted?
On Thu, Jun 11, 2009 at 11:29 AM, Seth Hall <hall.692 at osu.edu> wrote:
>
> On Jun 11, 2009, at 10:38 AM, Adayadil Thomas wrote:
>
>> Does bro detect SSH brute force login attempts?
>
> My ssh-ext.bro script at the following link does, but it could certainly be improved.
>
> http://github.com/sethhall/bro_scripts/tree/master
>
> .Seth
>
> ---
> Seth Hall
> Network Security - Office of the CIO
> The Ohio State University
> Phone: 614-292-9721
>
More information about the Bro
mailing list