Responding to a Brute Force SSH Attack

by Jamie Riden
Sept. 15, 2017, Symantec Detection & Response

It was a bad start to a Monday morning: I arrived at work to find the intrusion detection system so bogged down in alerts that it was barely responsive. Something bad had happened over the weekend. The IDS — in this case, a couple of Snort sensors logging to a PostgreSQL database — had been extremely busy logging alerts over pretty much the whole weekend. To review the alerts, I used the BASE front-end, and it was this latter that was taking such a long time to tell me anything, since it was querying a database which was around ten times as large as I had originally envisaged using in production.

https://www.symantec.com/connect/articles/responding-brute-force-ssh-attack

2flash 2 months, 2 weeks ago

I really like the way Jamie Riden structured this presentation. Practical and informative!

Steven Ulm 2 months, 3 weeks ago

I love reading your reaction to the attack. Well done, even better described! :)
