[Honeywall] SSH Brute Force and Sebek Data

Raul Siles raul.siles at gmail.com
Thu Jun 12 19:06:25 EDT 2008

Hi Bjoern,
The reason is that every single SSH login attempt involves some read()
operations, and therefore Sebek log them.

Raul Siles

On Thu, Jun 12, 2008 at 3:52 PM, Bjoern Weiland <
bjoern.weiland at rz.uni-karlsruhe.de> wrote:

> Hey guys,
> why do i get tons of sebek data for a simple SSH Brute Force Attempt on my
> machine? This is not only slowing down walleye, it is also a total overhead.
> Now I do understand to get tons of flows, as the src port varies, but every
> single login attempt is equipped with sebek information, although the
> intruder did not even get in!
> Another thing: is there an IRC channel for people like me to idle in and to
> ask occasional questions like this? :)
>  -best regards, bjoern
> _______________________________________________
> Honeywall mailing list
> Honeywall at public.honeynet.org
> https://public.honeynet.org/mailman/listinfo/honeywall
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://public.honeynet.org/pipermail/honeywall/attachments/20080613/94664c26/attachment-0001.html

More information about the Honeywall mailing list