List: focus-linux
Subject: Re: Detecting Brute-Force and Dictionary attacks
From: Jason Nicholls <jason () mindsocket ! com ! au>
Date: 2006-10-30 2:22:35
Message-ID: 20061030022235.GA8164 () nimm ! bpa ! nu
On Thu, Oct 26, 2006 at 07:12:17PM +0530, shashi wrote:
> Hi All,
>
> Several people replied with their suggestions and solutions on "detect brute-force
> and dictionary attacks in Linux". I am very thankful to all who gave solutions to
> my problem, particularly pbrunk@uga.edu, John Forristel, rowlando, Rob, Hans,
> zmnkh@chollian.net, Nic Stevens, Venkata Achanta, Nick, denis, Joe Vieira, alec, Manuel
> Arostegui, Cor and Greg Metcalfe.
> Basically, it looks like there are three ways I can solve this issue: (1) by
> modifying existing system files, (2) integrate an external module to your system
> either at a kernel level or at a PAM level, (3) put an external script
> The solutions that I got from various sources are DenyHosts, System Watcher
> (Swatch), prevent, ossec, secwatch, Fail2Ban, pam_abl, snort (I have big doubt on
> snort whether it can deliver this one at HIDS level) and login_sentry.
And one more from me =) Previously posted to the list. It's a script-based
approach monitoring log files (ssh and apache modules included) and
iptables to ban IPs. It also supports managing the ban list across multiple
hosts.
http://jason.mindsocket.com.au/pages/linux/ipb-monitor/
Regards,
Jason Nicholls
--------------------------------------------------------------------
Jason Nicholls email: <jason@mindsocket.com.au>
http://jason.mindsocket.com.au/ cell: 206 310 4239 (US)
--------------------------------------------------------------------
pgp/gpg id: 0xC3844959
fingerprint: 7F7A 5846 4E94 459C 104D A979 7079 24CF C384 4959
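
An added example, not part of the original message and not ipb-monitor's code: a sketch of the log-monitoring approach described above, counting failed sshd password attempts per source address in a sliding window and building the iptables rule for an offender. The log lines, threshold, window, year and function names are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Constructed sample (classic syslog format, documentation-range addresses).
SAMPLE_LOG = """\
Oct 30 02:10:01 host sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Oct 30 02:10:03 host sshd[4123]: Failed password for root from 203.0.113.7 port 40113 ssh2
Oct 30 02:10:06 host sshd[4127]: Failed password for root from 203.0.113.7 port 40115 ssh2
Oct 30 02:11:00 host sshd[4130]: Failed password for bob from 198.51.100.9 port 52001 ssh2
Oct 30 02:15:00 host sshd[4140]: Failed password for bob from 198.51.100.9 port 52002 ssh2
Oct 30 02:19:00 host sshd[4150]: Failed password for bob from 198.51.100.9 port 52003 ssh2
Oct 30 02:20:00 host sshd[4160]: Failed password for invalid user x from 10.0.0.1 port 22 ssh2 from 192.0.2.55 port 40200 ssh2
""".splitlines()

# The user name is remote-controlled text: take the address from the END of the line.
FAILED = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\S+) port \d+ ssh2$")

def parse_failure(line, year=2006):
    """Return (timestamp, ip) for a failed-password line, else None.
    Syslog timestamps carry no year, so the caller supplies one (assumption)."""
    m = FAILED.match(line)
    if not m:
        return None
    try:
        ip = str(ipaddress.ip_address(m.group(2)))  # reject anything that is not an IP
    except ValueError:
        return None
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), ip

def find_offenders(lines, threshold=3, window=timedelta(seconds=60), allow=()):
    """IPs with >= threshold failures inside one window, in order of detection."""
    recent, offenders = defaultdict(deque), []
    for ts, ip in filter(None, map(parse_failure, lines)):
        if ip in allow:
            continue  # never ban management or monitoring addresses
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and ip not in offenders:
            offenders.append(ip)
    return offenders

def ban_rule(ip):  # argument list, so no shell ever parses log-derived data
    return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]

if __name__ == "__main__":
    print("\n".join(" ".join(ban_rule(ip)) for ip in find_offenders(SAMPLE_LOG)))
```

Only 203.0.113.7 crosses the threshold here: the three failures from 198.51.100.9 are minutes apart, and the last line is attributed to the address at its end rather than the one embedded in the user name.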