I am an IT administrator for a small 'Mom and Pop' type alarm business. I am in the process of conducting a penetration test and I am currently testing our hardware firewall for vulnerabilities, a Dell SonicWALL TZ 210.

This little bugger has a very clever trick to prevent bruteforce/dictionary password attacks: Instead of providing the login prompt immediately upon connection, the server "eats" whatever the user's first input happens to be and THEN issues the login prompt. The effect of this is that the two main tools I'm experienced in using in this type of situation (hydra and MSF's auxiliary/scanner/ssh/ssh_login) are useless; they think they successfully guessed the password on the first try regardless of the user/pass combo when they really haven't.

Normally I would move on to the next target on my list to test but I want to be thorough because the gateway to our building's network is important to have locked down tight and I'm sure given enough time someone will think of something that I didn't, so I ask the experts: is there an obvious way to overcome this obstacle that I'm not seeing?