SNORT Rule for netbios brute force break-in
My network administrators are constantly flooded with requests to reset Windows accounts which have been locked out because of brute force/dictionary break-in accounts on the NetBIOS port. Intruders are able to enumerate the usernames and, by brute force, attempt to gain access. Does anyone know of a Snort rule which will detect this behavior?
Thanks, Robert Caplan
Does anyone know of a Snort rule which will detect this behavior?
No. Got full captures of break-in sessions?