Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

FTP brute-force: sig 6250

Having troubles with sig 6250 - don't see any alerts on my test attempts to brute-force the password on Linux server with vsftpd running.

Have some doubts about regex in 6250 - do you really need \r\n at the beginning of server reply before the responce code?

Is anyone using sig 6250? Is it working?

PS: Sig is Enabled, Able to see my auth. failures in IPlog on the sensors - but no alerts. 4.1.3S67.

  • Other Security Subjects

Re: FTP brute-force: sig 6250

How are trying to login into the FTP server? The sensor is counting failed login attempts inside of the same connection (TCP stream). So, if you are attempting to login and disconnect between attempts, then this might explain the lack of alarms. A traffic sample should be able to clear this up if it's still not working. You can send them to if you'd like us to look at them.

This widget could not be displayed.