Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort - rules that stop mulitple password attempts?

    Scheduled Pinned Locked Moved pfSense Packages
    2 Posts 2 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      louis-m
      last edited by

      Hi,
      I have an alix board so obviously want to keep my snort rules down to miminal. Over the last couple of weeks, my mail server has been under attack from spammers trying to guess user passwords etc, sometimes with 1000 attempts within a few minutes. i've added the ip's to a spam griup alias on pfsense which has cured the issue.
      but, i was wondering if snort has any sort of rule that detects multiple password attempts in quich sucession and then blocks the ip?

      1 Reply Last reply Reply Quote 0
      • G
        g4m3c4ck
        last edited by

        If you are running a linux server the fail2ban package does this

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.