[Honeywall] SSH Brute Force and Sebek Data

Bjoern Weiland bjoern.weiland at rz.uni-karlsruhe.de
Thu Jun 12 09:52:18 EDT 2008


Hey guys,

Why do I get tons of Sebek data for a simple SSH Brute Force Attempt on 
my machine? This is not only slowing down walleye, it is also a total 
overhead. Now I do understand getting tons of flows, as the src port 
varies, but every single login attempt is equipped with Sebek 
information, although the intruder did not even get in!

Another thing: is there an IRC channel for people like me to idle in and 
to ask occasional questions like this? :)

  -best regards, bjoern

