policy/protocols/ftp/detect-bruteforcing.bro

FTP

FTP brute-forcing detector, triggering when too many rejected usernames or failed passwords have occurred from a single address.

Namespace:FTP
Imports:base/frameworks/sumstats, base/protocols/ftp, base/utils/time.bro
Source File:/scripts/policy/protocols/ftp/detect-bruteforcing.bro

Summary

Redefinable Options

FTP::bruteforce_measurement_interval: interval &redef The time period in which the threshold needs to be crossed before being reset.
FTP::bruteforce_threshold: double &redef How many rejected usernames or passwords are required before being considered to be bruteforcing.

Redefinitions

Notice::Type: enum  

Detailed Interface

Redefinable Options

FTP::bruteforce_measurement_interval
Type:interval
Attributes:&redef
Default:15.0 mins

The time period in which the threshold needs to be crossed before being reset.

FTP::bruteforce_threshold
Type:double
Attributes:&redef
Default:20.0

How many rejected usernames or passwords are required before being considered to be bruteforcing.

Copyright 2016, The Bro Project. Last updated on January 10, 2019. Created using Sphinx 1.7.5.