LinuxQuestions.org - SNORT Rule for netbios brute force break-in

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - SNORT Rule for netbios brute force break-in (https://www.linuxquestions.org/questions/linux-security-4/snort-rule-for-netbios-brute-force-break-in-144832/)

SnortUser

02-11-2004 09:49 AM

SNORT Rule for netbios brute force break-in

My network administrators are constantly flooded with requests to reset Windows accounts which have been locked out because of brute force/dictionary breakin accounts on the netbios port. Intrudors are able to enumerate the usernames and by brute force attempt to gain access. Does anyone know of a Snort rule which will detect this behavior?

Thanks,

Robert Caplan

unSpawn

02-12-2004 02:28 PM

Does anyone know of a Snort rule which will detect this behavior?
No. Got full captures of breakin sessions?

All times are GMT -5. The time now is 06:48 AM.