Intrusion Prevention

SSH.Connection.Brute.Force

Description

This indicates detection of an attempted brute force attack on SSH.
The attack consists of multiple SSH requests intended to conduct a brute force SSH login, launched at a rate of about 200 times in 10 seconds.

Affected Products

All SSH Server

Impact

Impact of a successful attack could vary, with the worse case being a system compromise.

Recommended Actions

Adjust the threshold to your network.
Monitor the traffic from that network for any suspicious activity.