Yes it will. The signature is HTTP_Auth_Failed. It triggers on an excessive (configurable) number of failed login attempts within a configurable period of time. It tracks failures per source IP.
-----Original Message----- From: [EMAIL PROTECTED] On Behalf Of Gijo Thomas Sent: Tuesday, January 11, 2005 9:05 PM To: [EMAIL PROTECTED] Subject: [ISSForum] Password stealing attacks Hi All, Will network sensor pickup password stealing attacks? If someone does a Bruit force on my web servers, will my network sensor sitting at the web gateway pick up the same? Thanks and regards Gij Thomas. _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
