[Honeywall] SSH Brute Force and Sebek Data
rvmcmil at gmail.com
Thu Jun 12 17:23:22 EDT 2008
Hmm.... IRC channel.... How much interest would there in that?
On Thu, Jun 12, 2008 at 9:52 AM, Bjoern Weiland
<bjoern.weiland at rz.uni-karlsruhe.de> wrote:
> Hey guys,
> why do i get tons of sebek data for a simple SSH Brute Force Attempt on my
> machine? This is not only slowing down walleye, it is also a total overhead.
> Now I do understand to get tons of flows, as the src port varies, but every
> single login attempt is equipped with sebek information, although the
> intruder did not even get in!
> Another thing: is there an IRC channel for people like me to idle in and to
> ask occasional questions like this? :)
> -best regards, bjoern
> Honeywall mailing list
> Honeywall at public.honeynet.org
More information about the Honeywall