
List:       focus-linux
Subject:    Re: Detecting Brute-Force and Dictionary attacks
From:       Jason Nicholls <jason () mindsocket ! com ! au>
Date:       2006-10-30 2:22:35
Message-ID: 20061030022235.GA8164 () nimm ! bpa ! nu

On Thu, Oct 26, 2006 at 07:12:17PM +0530, shashi wrote:
> Hi All,
> 
> Several people replied with their suggestions and solutions on "detect
> brute-force and dictionary attacks in Linux". I am very thankful to all who
> gave solutions to my problem, particularly pbrunk@uga.edu, John Forristel,
> rowlando, Rob, Hans, zmnkh@chollian.net, Nic Stevens, Venkata Achanta, Nick,
> denis, Joe Vieira, alec, Manuel Arostegui, Cor and Greg Metcalfe.
> Basically, it looks like there are three ways I can solve this issue: (1) by
> modifying existing system files, (2) integrate an external module into your
> system either at a kernel level or at a PAM level, (3) put an external script.
> The solutions that I got from various sources are DenyHosts, System Watcher
> (Swatch), prevent, ossec, secwatch, Fail2Ban, pam_abl, snort (I have big doubt
> on snort whether it can deliver this one at HIDS level) and login_sentry.

And one more from me =) Previously posted to the list. It's a script-based
approach monitoring log files (ssh and apache modules included) and
iptables to ban IPs. It also supports managing the ban list across multiple
hosts.

    http://jason.mindsocket.com.au/pages/linux/ipb-monitor/


Regards,

Jason Nicholls
--------------------------------------------------------------------
Jason Nicholls                     email: <jason@mindsocket.com.au>
http://jason.mindsocket.com.au/     cell: 206 310 4239 (US)
--------------------------------------------------------------------
   pgp/gpg id: 0xC3844959  
  fingerprint: 7F7A 5846 4E94 459C 104D  A979 7079 24CF C384 4959

