Showing results for 
Search instead for 
Did you mean: 
Level 7

Brute force Threshold ?


query regarding the Brute Force  threshold,

snort and ips generic rule  has  the threshold for the bruteforce signature is  5 failed loging with 60 Seconds, what i have face the situation that this pattern of threshold is flooding so much of noise,

The question opens to all What will be the threshold for the signature like >>> SSH: SSH Login Bruteforce Detected 


0 Kudos
1 Reply
Level 7

Re: Brute force Threshold ?

Mcafee NSM Default Threshold is 10 failed logins in 120 seconds... I have found reducing the seconds to 60 seconds helps.

0 Kudos