[Honeywall] SSH Brute Force and Sebek Data

Rob McMillen rvmcmil at gmail.com
Thu Jun 12 17:23:22 EDT 2008


Hmm.... IRC channel.... How much interest would there in that?

Rob

On Thu, Jun 12, 2008 at 9:52 AM, Bjoern Weiland
<bjoern.weiland at rz.uni-karlsruhe.de> wrote:
> Hey guys,
>
> why do i get tons of sebek data for a simple SSH Brute Force Attempt on my
> machine? This is not only slowing down walleye, it is also a total overhead.
> Now I do understand to get tons of flows, as the src port varies, but every
> single login attempt is equipped with sebek information, although the
> intruder did not even get in!
>
> Another thing: is there an IRC channel for people like me to idle in and to
> ask occasional questions like this? :)
>
>  -best regards, bjoern
> _______________________________________________
> Honeywall mailing list
> Honeywall at public.honeynet.org
> https://public.honeynet.org/mailman/listinfo/honeywall
>


More information about the Honeywall mailing list