'[Os-sim-commits] os-sim/etc/server generic.xml,1.35,1.36'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       os-sim-commits
Subject:    [Os-sim-commits] os-sim/etc/server generic.xml,1.35,1.36
From:       David Gil <dvgil () users ! sourceforge ! net>
Date:       2009-01-20 16:11:27
Message-ID: E1LPJCJ-0007Q2-Hr () 23jxhf1 ! ch3 ! sourceforge ! com
[Download RAW message or body]

Update of /cvsroot/os-sim/os-sim/etc/server
In directory 23jxhf1.ch3.sourceforge.com:/tmp/cvs-serv28463

Modified Files:
	generic.xml 
Log Message:
Increase reliability of "brute force ssh attack" when a successful login
occurs after a considerable amount of authentication failures.


Index: generic.xml
===================================================================
RCS file: /cvsroot/os-sim/os-sim/etc/server/generic.xml,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -d -r1.35 -r1.36
--- generic.xml	20 Jan 2009 15:47:38 -0000	1.35
+++ generic.xml	20 Jan 2009 16:11:25 -0000	1.36
@@ -557,8 +557,16 @@
                      reliability="+2" occurrence="10" from="1:SRC_IP" to="ANY"
                      port_from="ANY" time_out="30" port_to="ANY"
                      plugin_id="4003" plugin_sid="1,2,3,4,5,6" sticky="true"/>
+                     <rule type="detector" name="SSH Login successful"
+                     reliability="+3" occurrence="1" from="1:SRC_IP" to="1:DST_IP"
+                     port_from="ANY" time_out="5" port_to="1:DST_PORT"
+                     plugin_id="4003" plugin_sid="7,8" sticky="true"/>
                   </rules>
                </rule>
+               <rule type="detector" name="SSH Login successful"
+               reliability="+3" occurrence="1" from="1:SRC_IP" to="1:DST_IP"
+               port_from="ANY" time_out="5" port_to="1:DST_PORT"
+               plugin_id="4003" plugin_sid="7,8" sticky="true"/>
             </rules>
          </rule>
          <rule type="detector" name="PAM authentication failure"


------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Os-sim-commits mailing list
Os-sim-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/os-sim-commits
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic