Focus on Linux
RE: Detecting Brute-Force and Dictionary attacks Oct 19 2006 02:45PM
Joe Vieira (jvieira clarku edu) (1 replies)
If you just want to identify logon attempts just pay attention to your logwatch/ /var/log/secure or wherever you have it logging, if you want to deny access I recommend an iptables rule based off quick connections to port 22. If you want to lock out I would look at pam_tally.

Feel free to ask questions about any of these.

Joe Vieira, GCIH
UNIX System Administrator
Clark University
Information Technology Services
508.793.7287

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Shashi Kanth Boddula
Sent: Wednesday, October 18, 2006 6:02 AM
To: focus-linux (at) securityfocus (dot) com [email concealed]
Cc: shashi.boddula (at) oracle (dot) com [email concealed]
Subject: Detecting Brute-Force and Dictionary attacks

Hi All,

I am looking for a good tool to detect brute-force and dictionary attacks on user accounts on a Linux system . The tool should also have the intelligence to differntiate between user mistakes and actual brute-force/dictionary attacks and reduce the false positives. SuSE/RedHat included security tools are not helping in this case .

Please , anyone knows any third party security tool or any opensource security  tool which solves my problem ?

Thanks & Regards,
Shashi Kanth,CISSP

[ reply ]
Re: Detecting Brute-Force and Dictionary attacks Oct 20 2006 04:44PM
Manuel Arostegui Ramirez (manuel todo-linux com)


 

Privacy Statement
Copyright 2010, SecurityFocus