Colapse all |
Post message
Re: Detecting Brute-Force and Dictionary attacks 2006-11-08 Sebastiaan Veenstra (sebastiaan veenstra gmail com) (2 replies) Re: Detecting Brute-Force and Dictionary attacks 2006-11-10 Cy Schubert (Cy Schubert spqr komquats com) Re: Detecting Brute-Force and Dictionary attacks 2006-11-09 fabio (ctrlaltca libero it) (2 replies) Re: Detecting Brute-Force and Dictionary attacks 2006-11-10 Greg Metcalfe (metcalfegreg qwest net) (1 replies) Re: Detecting Brute-Force and Dictionary attacks 2006-11-11 Christian Jonassen (flyrev gmail com) (1 replies) RE: Vulnerability Assessment of a EAL 4 system 2006-11-06 Richard Worwood (richardw tdbnetworks com) I guess what everyone is trying to says is that just because a device / OS combination has been tested to EAL4 doesn't mean your version is configured as such. -----Original Message----- From: Takayama Kawika (DTI) [mailto:Kawika.Takayama (at) state.de (dot) us [email concealed]] Sent: 02 November 2006 09:44 To: focus-linu [ more ] [ reply ] Vulnerability Assessment of a EAL 4 system 2006-11-01 castellan2004-fd yahoo com (3 replies) I am looking at a Linux server which has been accredited as a EAL4 system by IBM. During the assessment, I was looking for standard Linux protections like iptables, ssh etc. On this server, there is no iptables. Regardless, I would like to know how to evaluate a EAL 4 system. What do you need to [ more ] [ reply ] RE: Vulnerability Assessment of a EAL 4 system 2006-11-01 Stong, Ian (Ian Stong ctr disa mil) (1 replies) RE: Vulnerability Assessment of a EAL 4 system 2006-11-02 Takayama Kawika (DTI) (Kawika Takayama state de us) Re: Detecting Brute-Force and Dictionary attacks 2006-10-25 Denis Pugnere (d pugnere ipnl in2p3 fr) (1 replies) > I am looking for a good tool to detect brute-force and dictionary attacks on > user >accounts on a Linux system . The tool should also have the intelligence > to differntiate >between user mistakes and actual brute-force/dictionary > attacks and reduce the >false positives. SuSE/RedHat included s [ more ] [ reply ] Re: Detecting Brute-Force and Dictionary attacks 2006-10-25 Max Schubert (security webwizarddesign com) Detecting brute force attacks 2006-10-24 Nic Stevens (nic stevens gmail com) (1 replies) I wrote a script to detect brute force attacks by watching log files. If you want to try it it is here: http://www.ducksfeet.com/nic2/secwatch/index.html -- Rock is dead! Long live paper and scissors! Nic Stevens (nic dot stevens at gee mail daught com) -- http://www.ducksfeet.com/nic [ more ] [ reply ] Re: Detecting Brute-Force and Dictionary attacks 2006-10-22 vachanta gmail com >The tool should also have the intelligence to >differntiate between user mistakes and actual >brute-force/dictionary attacks and reduce the >false positives. SuSE/RedHat included security >tools are not helping in this case . Hello Shashi Kanth, I dont think there is any intelligent tool that can [ more ] [ reply ] RE: Detecting Brute-Force and Dictionary attacks 2006-10-20 Master Control Program (jonlin tesuji org) > I am looking for a good tool to detect brute-force and dictionary attacks o= > n user accounts on a Linux system . The tool should also have the intellig= > ence to differntiate between user mistakes and actual brute-force/dictiona= > ry attacks and reduce the false positives. SuSE/RedHat included [ more ] [ reply ] |
Privacy Statement |
I didn't read the whole discussion about this issue but I came up with
an idea which might be usefull to detect brute force attempt. By
storing the passwords a certain user has used in the past along with
the current password you could be able to compare to password (by
pattern matching) used a
[ more ] [ reply ]