[Honeywall] SSH Brute Force and Sebek Data
raul.siles at gmail.com
Thu Jun 12 19:06:25 EDT 2008
The reason is that every single SSH login attempt involves some read()
operations, and therefore Sebek logs them.
On Thu, Jun 12, 2008 at 3:52 PM, Bjoern Weiland <bjoern.weiland at rz.uni-karlsruhe.de> wrote:
> Hey guys,
> why do I get tons of Sebek data for a simple SSH Brute Force Attempt on my
> machine? This is not only slowing down walleye, it is also a total overhead.
> Now I do understand to get tons of flows, as the src port varies, but every
> single login attempt is equipped with sebek information, although the
> intruder did not even get in!
> Another thing: is there an IRC channel for people like me to idle in and to
> ask occasional questions like this? :)
> -best regards, bjoern