On Thu, Oct 26, 2006 at 07:12:17PM +0530, shashi wrote:
> Hi All ,
>
> Several people replied with their suggestions and solutions on "detect brute-force and dictionary attacks in Linux". I am
> very thank full to all who given solution to my problem, particularly pbrunk (at) uga (dot) edu [email concealed],John Forristel,rowlando,Rob,Hans,
> zmnkh (at) chollian (dot) net [email concealed],Nic Stevens,Venkata Achanta,Nick,denis,Joe Vieira,alec,Manuel Arostegui,Cor and Greg Metcalfe .
>
> Basically, looks like, there are three ways i can solve this issue , (1) by modifying existing system files , (2) integrate a
> external module to your system either at a kernel level or at a PAM level , (3) put a external script
>
> The solutions that i got from various sources are DenyHosts, System Watcher (Swatch), prevent, ossec, secwatch,Fail2Ban,
> pam_abl, snort (i have big doubt on snort whether it can deliver this one at HIDS level) and login_sentry .

And one more from me =) Previously posted to the list. It's a script
based approach monitoring log files (ssh and apache modules included) and
iptables to ban IPs. It also supports managing the ban list across multiple
hosts.

http://jason.mindsocket.com.au/pages/linux/ipb-monitor/

Regards,

Jason Nicholls
--------------------------------------------------------------------
Jason Nicholls email: <jason (at) mindsocket.com (dot) au [email concealed]>
http://jason.mindsocket.com.au/ cell: 206 310 4239 (US)
--------------------------------------------------------------------
pgp/gpg id: 0xC3844959
fingerprint: 7F7A 5846 4E94 459C 104D A979 7079 24CF C384 4959

[ reply ]