Detection of brute force by guessing of ports (21, 22, etc.)
fullfill13 opened this issue · 3 comments
fullfill13 commented
I found that maltrail does not seem to be able to detect the brute force guessing of ports 21, 22, etc.
MikhailKasimov commented
Hello!
Maltrail uses public lists of IPs that are related to brute-force attacks (regardless of ports).
For outbound connections, Maltrail uses a list of ports (https://github.com/stamparm/maltrail/blob/master/core/settings.py#L82) to detect potential infection (see https://github.com/stamparm/maltrail/wiki/Trail-classes#potential-infection-).
Guessing of ports -- it's not an option.
MikhailKasimov commented
@fullfill13 Hello! Could this ticket be closed, if there are no other questions?
MikhailKasimov commented
Considering as resolved