[Honeywall] SSH Brute Force and Sebek Data

Curt Shaffer cshaffer at gmail.com
Thu Jun 12 17:45:43 EDT 2008


I'll second it.

-----Original Message-----
From: honeywall-bounces at public.honeynet.org
[mailto:honeywall-bounces at public.honeynet.org] On Behalf Of Rob McMillen
Sent: Thursday, June 12, 2008 5:23 PM
To: Mailing list for users and developers of the Honeywall
Subject: Re: [Honeywall] SSH Brute Force and Sebek Data

Hmm.... IRC channel.... How much interest would there in that?

Rob

On Thu, Jun 12, 2008 at 9:52 AM, Bjoern Weiland
<bjoern.weiland at rz.uni-karlsruhe.de> wrote:
> Hey guys,
>
> why do i get tons of sebek data for a simple SSH Brute Force Attempt on my
> machine? This is not only slowing down walleye, it is also a total
overhead.
> Now I do understand to get tons of flows, as the src port varies, but
every
> single login attempt is equipped with sebek information, although the
> intruder did not even get in!
>
> Another thing: is there an IRC channel for people like me to idle in and
to
> ask occasional questions like this? :)
>
>  -best regards, bjoern
> _______________________________________________
> Honeywall mailing list
> Honeywall at public.honeynet.org
> https://public.honeynet.org/mailman/listinfo/honeywall
>
_______________________________________________
Honeywall mailing list
Honeywall at public.honeynet.org
https://public.honeynet.org/mailman/listinfo/honeywall
No virus found in this incoming message.
Checked by AVG. 
Version: 8.0.100 / Virus Database: 270.3.0/1500 - Release Date: 6/12/2008
4:58 PM



More information about the Honeywall mailing list