If you just want to identify logon attempts, just pay attention to your logwatch/ /var/log/secure or wherever you have it logging. If you want to deny access, I recommend an iptables rule based off quick connections to port 22. If you want to lock out, I would look at pam_tally.
Feel free to ask questions about any of these.
Joe Vieira, GCIH
UNIX System Administrator
Clark University
Information Technology Services
508.793.7287
-----Original Message-----
From: listbounce (at) securityfocus (dot) com On Behalf Of Shashi Kanth Boddula
Sent: Wednesday, October 18, 2006 6:02 AM
To: focus-linux (at) securityfocus (dot) com
Cc: shashi.boddula (at) oracle (dot) com
Subject: Detecting Brute-Force and Dictionary attacks
Hi All,
I am looking for a good tool to detect brute-force and dictionary attacks on user accounts on a Linux system. The tool should also have the intelligence to differentiate between user mistakes and actual brute-force/dictionary attacks and reduce the false positives. SuSE/RedHat included security tools are not helping in this case.
Please, does anyone know of any third-party security tool or any open-source security tool which solves my problem?
Thanks & Regards,
Shashi Kanth,CISSP
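The log review suggested in the reply above can be scripted. The following is an added example, not part of the original thread: it parses sshd "Failed password" lines in the format commonly written to /var/log/secure and separates a short run of typos from a burst of guesses. The function name, the thresholds (5 failures or 3 distinct usernames from one source within 5 minutes) and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE_LOG = """\
Oct 18 06:01:02 host sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 40001 ssh2
Oct 18 06:01:04 host sshd[2103]: Failed password for invalid user test from 192.0.2.10 port 40002 ssh2
Oct 18 06:01:06 host sshd[2105]: Failed password for invalid user oracle from 192.0.2.10 port 40003 ssh2
Oct 18 06:01:08 host sshd[2107]: Failed password for root from 192.0.2.10 port 40004 ssh2
Oct 18 09:15:10 host sshd[3300]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Oct 18 09:15:40 host sshd[3300]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Oct 18 09:15:55 host sshd[3300]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def classify_sources(log_text, year=2006, window=timedelta(minutes=5),
                     max_failures=5, max_users=3):
    """Return {source_ip: 'suspected-attack' | 'user-mistake'}."""
    events = defaultdict(list)  # source IP -> [(timestamp, username)]
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            # syslog timestamps carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events[m.group(3)].append((ts, m.group(2)))
    verdicts = {}
    for ip, evs in events.items():
        evs.sort()
        verdicts[ip] = "user-mistake"
        start = 0
        for end in range(len(evs)):
            # slide the window start forward so the burst spans <= window
            while evs[end][0] - evs[start][0] > window:
                start += 1
            burst = evs[start:end + 1]
            if (len(burst) >= max_failures
                    or len({user for _, user in burst}) >= max_users):
                verdicts[ip] = "suspected-attack"
                break
    return verdicts

if __name__ == "__main__":
    for ip, verdict in classify_sources(SAMPLE_LOG).items():
        print(ip, verdict)
```

Guesses spaced more widely than the window fall under these thresholds, so the window and counts need tuning against the site's own logs.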