policy/protocols/ftp/detect-bruteforcing.zeek¶
-
FTP
¶
FTP brute-forcing detector, triggering when too many rejected usernames or failed passwords have occurred from a single address.
Namespace: | FTP |
---|---|
Imports: | base/frameworks/sumstats, base/protocols/ftp, base/utils/time.zeek |
Summary¶
Redefinable Options¶
FTP::bruteforce_measurement_interval : interval &redef |
The time period in which the threshold needs to be crossed before being reset. |
FTP::bruteforce_threshold : double &redef |
How many rejected usernames or passwords are required before being considered to be bruteforcing. |
Redefinitions¶
Notice::Type : enum |