Focus on Linux
Back to list
RE: Detecting Brute-Force and Dictionary attacks
Oct 19 2006 02:45PM
Joe Vieira (jvieira clarku edu)
If you just want to identify logon attempts just pay attention to your logwatch/ /var/log/secure or wherever you have it logging, if you want to deny access I recommend an iptables rule based off quick connections to port 22. If you want to lock out I would look at pam_tally.
Feel free to ask questions about any of these.
Joe Vieira, GCIH
UNIX System Administrator
Information Technology Services
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Shashi Kanth Boddula
Sent: Wednesday, October 18, 2006 6:02 AM
To: focus-linux (at) securityfocus (dot) com [email concealed]
Cc: shashi.boddula (at) oracle (dot) com [email concealed]
Subject: Detecting Brute-Force and Dictionary attacks
I am looking for a good tool to detect brute-force and dictionary attacks on user accounts on a Linux system . The tool should also have the intelligence to differntiate between user mistakes and actual brute-force/dictionary attacks and reduce the false positives. SuSE/RedHat included security tools are not helping in this case .
Please , anyone knows any third party security tool or any opensource security tool which solves my problem ?
Thanks & Regards,
[ reply ]
Re: Detecting Brute-Force and Dictionary attacks
Oct 20 2006 04:44PM
Manuel Arostegui Ramirez (manuel todo-linux com)
Copyright 2010, SecurityFocus