policy/protocols/ftp/detect-bruteforcing.zeek
- FTP
FTP brute-forcing detector, triggering when too many rejected usernames or failed passwords have occurred from a single address.
- Namespace
FTP
- Imports
base/frameworks/sumstats, base/protocols/ftp, base/utils/time.zeek
Summary
Redefinable Options
The time period in which the threshold needs to be crossed before being reset. |
|
How many rejected usernames or passwords are required before being considered to be bruteforcing. |
Redefinitions
|
Detailed Interface
Redefinable Options
- FTP::bruteforce_measurement_interval
-
The time period in which the threshold needs to be crossed before being reset.
- FTP::bruteforce_threshold
-
How many rejected usernames or passwords are required before being considered to be bruteforcing.