Re: Detecting Brute-Force and Dictionary attacks

Some entity AKA "Shashi Kanth Boddula" <shashi.boddula@xxxxxxxxxx>
wrote this mindboggling stuff, while thinking about the OS-BBQ.

Hi All,

I am looking for a good tool to detect brute-force and dictionary attacks on user accounts on a Linux system. The tool should also have the intelligence to differentiate between user mistakes and actual brute-force/dictionary attacks and reduce the false positives. The SuSE/RedHat included security tools are not helping in this case.

Please, does anyone know any third-party security tool or any open-source security tool which solves my problem?

A basic one is already in the system, in the config of /etc/login.defs:
login_delay 'nn sec' and max_retry 'nn', and log the fails.
A delay of 5 minutes after 2 failed is annoying enough to most.

But how do you want to differentiate between "usert" and "uiser",
which can be honest typos or part of the dictionary, since dicts
thrive on those 'typos'.

Restricting access to only known external IP addresses is more helpful,
unless the attacks come from your own network, in which case one can
just fire the malevolent element.


The biggest problem LISP has is that it does not appeal to dumb people
If all failed to satisfy you, try reading the HyperSpec or man frig
(defvar MyComputer '((OS . "GNU/Emacs") (IPL . "GNU/Linux")))
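The thread's core difficulty is telling a user's typos apart from a dictionary sweep. As an added illustration (not code from either poster), the script below scores sshd failures per source address over a few constructed log lines: a handful of failures on one account that then logs in successfully is treated as a typo, while many failures spread across several usernames is flagged as a dictionary attack. The thresholds and the verdict labels are assumptions chosen for the example.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (not taken from the original thread).
SAMPLE_LOG = """\
Mar  3 10:01:02 host sshd[1001]: Failed password for alice from 10.0.0.5 port 51000 ssh2
Mar  3 10:01:10 host sshd[1002]: Failed password for alice from 10.0.0.5 port 51001 ssh2
Mar  3 10:01:20 host sshd[1003]: Accepted password for alice from 10.0.0.5 port 51002 ssh2
Mar  3 10:02:00 host sshd[1004]: Failed password for invalid user admin from 203.0.113.9 port 40001 ssh2
Mar  3 10:02:01 host sshd[1005]: Failed password for invalid user test from 203.0.113.9 port 40002 ssh2
Mar  3 10:02:02 host sshd[1006]: Failed password for root from 203.0.113.9 port 40003 ssh2
Mar  3 10:02:03 host sshd[1007]: Failed password for invalid user oracle from 203.0.113.9 port 40004 ssh2
Mar  3 10:02:04 host sshd[1008]: Failed password for invalid user guest from 203.0.113.9 port 40005 ssh2
Mar  3 10:02:05 host sshd[1009]: Failed password for root from 203.0.113.9 port 40006 ssh2
"""

# "invalid user" appears when the account does not exist on the host.
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"Accepted \w+ for (\S+) from (\S+)")


def classify(log_text, fail_threshold=5, user_threshold=3):
    """Map each source IP with failures to "typo", "suspicious" or "brute-force".

    Thresholds are example values (assumed), not a recommended policy.
    """
    fails = defaultdict(list)   # ip -> usernames that failed, in order
    succeeded = set()           # (ip, user) pairs that eventually logged in
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            fails[ip].append(user)
            continue
        m = ACCEPTED.search(line)
        if m:
            user, ip = m.groups()
            succeeded.add((ip, user))
    verdicts = {}
    for ip, users in fails.items():
        distinct = set(users)
        if len(users) >= fail_threshold and len(distinct) >= user_threshold:
            # Many failures across several accounts: a dictionary sweep.
            verdicts[ip] = "brute-force"
        elif (len(distinct) == 1 and len(users) < fail_threshold
              and any((ip, u) in succeeded for u in distinct)):
            # A few misses on one account, then a success: an honest typo.
            verdicts[ip] = "typo"
        else:
            # Repeated misses with no later success: worth a closer look.
            verdicts[ip] = "suspicious"
    return verdicts
```

Running `classify(SAMPLE_LOG)` returns `{"10.0.0.5": "typo", "203.0.113.9": "brute-force"}`; a per-IP count alone would not separate the two, which is the point the reply above makes.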