Re: [psad-discuss] Brute force attacks and statistics
Brought to you by:
mbr
Menu
▾
▴
Re: [psad-discuss] Brute force attacks and statistics
|
From: Eli W. <el...@or...> - 2009-03-22 20:37:20
|
On Sunday 22 March 2009 21:15:47 Franck Joncourt wrote: > Hi, > > > With the brute force attack detectors, you can set up a whitelist not > > blocking IPs that you trust. > > Psad already handles that through the auto_dl file. An attempt to login, successful or otherwise, to your ftp server is legitimate traffic. Psad, from my understanding is not designed to handle brute force attempts to guess passwords. Psad can be configured to allow certain types of traffic normally considered a probe (ie ping, trying to access a closed port, etc). Even so, the number of, lets say pings to a server, would be configured relatively high. Brute force guesses of passwords should be configured relatively low. There is a big difference between the types of traffic. And should be handled differently. Anyway.... That's my two cents worth. Eli -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. |
