[Bro] Notice.log logs a Password_Guessing attempt but no logs in conn.log
fatema bannatwala
fatema.bannatwala at gmail.com
Fri Jul 1 14:28:49 PDT 2016
Hi,
So I had a weird situation at work today.
The notice.log file logged an IP for "SSH::Password_Guessing" with note as
"50.123.48.2 appears to be guessing SSH passwords (seen in 53 connections)".
But when I check the conn.log file during that time period and grep that IP, I
just see a single established ssh connection from that IP. I was expecting to
get 53 bad ssh connections logged in the conn.log file.
What am I missing here?
How can I confirm whether that IP was actually doing an SSH password
guessing attempt?
Thanks,
Fatema.