RE: Detecting Brute-Force and Dictionary attacks



If you just want to identify logon attempts, just pay attention to your logwatch / /var/log/secure or wherever you have it logging. If you want to deny access, I recommend an iptables rule based off quick connections to port 22. If you want to lock out, I would look at pam_tally.

Feel free to ask questions about any of these.

Joe Vieira, GCIH
UNIX System Administrator
Clark University
Information Technology Services
508.793.7287


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Shashi Kanth Boddula
Sent: Wednesday, October 18, 2006 6:02 AM
To: focus-linux@xxxxxxxxxxxxxxxxx
Cc: shashi.boddula@xxxxxxxxxx
Subject: Detecting Brute-Force and Dictionary attacks

Hi All,

I am looking for a good tool to detect brute-force and dictionary attacks on user accounts on a Linux system. The tool should also have the intelligence to differentiate between user mistakes and actual brute-force/dictionary attacks and reduce the false positives. SuSE/RedHat included security tools are not helping in this case.

Please, does anyone know any third-party security tool or any open-source security tool which solves my problem?

Thanks & Regards,
Shashi Kanth, CISSP
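One way to apply the log-watching advice in the reply to the original question of telling user mistakes from attacks, as an added example that is not part of either message. The thresholds, verdict names and sample log lines are assumptions constructed for illustration, and the whole input is treated as a single time window.

```python
import re
from collections import defaultdict

# Assumed thresholds (not from the thread); tune them per site.
MAX_FAILS = 5   # failures from one source before it counts as an attack
MAX_USERS = 3   # distinct account names tried from one source

LINE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for "
                  r"(invalid user )?(\S+) from (\S+) port \d+")

# Constructed sample in the sshd format written to /var/log/secure.
SAMPLE_LOG = """\
Oct 18 05:40:01 host sshd[2101]: Failed password for alice from 192.0.2.10 port 40112 ssh2
Oct 18 05:40:09 host sshd[2101]: Failed password for alice from 192.0.2.10 port 40112 ssh2
Oct 18 05:40:15 host sshd[2101]: Accepted password for alice from 192.0.2.10 port 40112 ssh2
Oct 18 05:41:00 host sshd[2200]: Failed password for invalid user admin from 198.51.100.7 port 51000 ssh2
Oct 18 05:41:01 host sshd[2201]: Failed password for invalid user test from 198.51.100.7 port 51002 ssh2
Oct 18 05:41:02 host sshd[2202]: Failed password for root from 198.51.100.7 port 51004 ssh2
Oct 18 05:41:03 host sshd[2203]: Failed password for invalid user oracle from 198.51.100.7 port 51006 ssh2
Oct 18 05:50:00 host sshd[2300]: Failed password for bob from 203.0.113.5 port 42000 ssh2
"""

def classify(log_text):
    """Return {source_ip: verdict} for one batch of log lines."""
    stats = defaultdict(lambda: {"fails": 0, "users": set(), "ok": set()})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        result, _invalid, user, src = m.groups()
        if result == "Failed":
            stats[src]["fails"] += 1
            stats[src]["users"].add(user)
        else:
            stats[src]["ok"].add(user)
    verdicts = {}
    for src, s in stats.items():
        if s["fails"] >= MAX_FAILS or len(s["users"]) >= MAX_USERS:
            verdicts[src] = "attack"          # many tries or many account names
        elif s["fails"] and s["users"] <= s["ok"]:
            verdicts[src] = "user-mistake"    # every failed account later logged in
        else:
            verdicts[src] = "watch" if s["fails"] else "clean"
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(classify(SAMPLE_LOG).items()):
        print(src, verdict)
```

Sources flagged as "attack" are the candidates for the iptables or pam_tally measures mentioned in the reply; "watch" sources have too little evidence either way.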