[prev in list] [next in list] [prev in thread] [next in thread]
List: os-sim-commits
Subject: [Os-sim-commits] os-sim/etc/server generic.xml,1.35,1.36
From: David Gil <dvgil () users ! sourceforge ! net>
Date: 2009-01-20 16:11:27
Message-ID: E1LPJCJ-0007Q2-Hr () 23jxhf1 ! ch3 ! sourceforge ! com
[Download RAW message or body]
Update of /cvsroot/os-sim/os-sim/etc/server
In directory 23jxhf1.ch3.sourceforge.com:/tmp/cvs-serv28463
Modified Files:
generic.xml
Log Message:
Increase reliability of "brute force ssh attack" when a successful login
occurs after a considerable amount of authentication failures.
Index: generic.xml
===================================================================
RCS file: /cvsroot/os-sim/os-sim/etc/server/generic.xml,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -d -r1.35 -r1.36
--- generic.xml 20 Jan 2009 15:47:38 -0000 1.35
+++ generic.xml 20 Jan 2009 16:11:25 -0000 1.36
@@ -557,8 +557,16 @@
reliability="+2" occurrence="10" from="1:SRC_IP" to="ANY"
port_from="ANY" time_out="30" port_to="ANY"
plugin_id="4003" plugin_sid="1,2,3,4,5,6" sticky="true"/>
+ <rule type="detector" name="SSH Login successful"
+ reliability="+3" occurrence="1" from="1:SRC_IP" to="1:DST_IP"
+ port_from="ANY" time_out="5" port_to="1:DST_PORT"
+ plugin_id="4003" plugin_sid="7,8" sticky="true"/>
</rules>
</rule>
+ <rule type="detector" name="SSH Login successful"
+ reliability="+3" occurrence="1" from="1:SRC_IP" to="1:DST_IP"
+ port_from="ANY" time_out="5" port_to="1:DST_PORT"
+ plugin_id="4003" plugin_sid="7,8" sticky="true"/>
</rules>
</rule>
<rule type="detector" name="PAM authentication failure"
------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Os-sim-commits mailing list
Os-sim-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/os-sim-commits
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic