OSSEC and supporting applications will detect what you configure them to detect. A user coming from an unusual IP address, or at an unusual time can cause OSSEC to fire an alert. But only if you configure it to do so. OSSEC can help detect brute force attacks, if the appropriate logs are available to it.
"Pretending to have an authorized user identity" doesn't mean much. Are they pretending to have a username, or are they pretending to be that user? On Tue, Mar 1, 2011 at 1:20 PM, Kelly Fitzgerald <[email protected]> wrote: > Masquerading is an attack done at the network layer. The masquerade > attack is an attack where an attacker will try to access a computer > pretending to have an authorized user identity such as a network > administrator. >
