5000119 < Main

Tags: view all tags
---++ alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[SYSLOG] Authentication failure - Brute force [25/1]"; pcre: "/failed to authorize|wrong password given|repeated login failures|authentication failed|authentication failures|access denied|access not allowed|failed to authenticate/i"; parse_src_ip: 1; parse_port; parse_proto; classtype: unsuccessful-user; after: track by_src, count 25, seconds 300; threshold: type limit, track by_src, count 1, seconds 86400; reference: url,wiki.quadrantsec.com/bin/view/Main/5000119; sid: 5000119; rev:11;)
---++

-- Main.Sagan-Wiki-Add - 2015-10-21
%COMMENT{type="threadmode" default="Please enter documentation or concerns with this signature." button="Add to Documentation" }%


New revisions of 5000119 will be below...

---++ alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[SYSLOG] Authentication failure - Brute force [25/1]"; pcre: "/failed to authorize|wrong password given|repeated login failures|authentication failed|authentication failures|access denied|access not allowed|failed to authenticate/i"; parse_src_ip: 1; parse_port; parse_proto; classtype: unsuccessful-user; after: track by_src, count 25, seconds 300; threshold: type limit, track by_src, count 1, seconds 86400; flowbits: set,brute_force,21600; reference: url,wiki.quadrantsec.com/bin/view/Main/5000119; sid: 5000119; rev:12;)
---++

-- Main.Sagan-Wiki-Add - 2016-8-30
---++ alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg: "[SYSLOG] Authentication failure - Brute force [25/1]"; pcre: "/failed to authorize|wrong password given|repeated login failures|authentication failed|authentication failures|access denied|access not allowed|failed to authenticate/i"; content:!"access denied by ACL"; parse_src_ip: 1; parse_port; parse_proto; classtype: unsuccessful-user; after: track by_src, count 25, seconds 300; threshold: type limit, track by_src, count 1, seconds 86400; flowbits: set,brute_force,21600; reference: url,wiki.quadrantsec.com/bin/view/Main/5000119; sid: 5000119; rev:13;)
---++

-- Main.Sagan-Wiki-Add - 2016-11-7
Topic revision: r1 - 2015-10-21 - Sagan-Wiki-Add