Re: Detecting Brute-Force and Dictionary attacks




Some entity AKA "Shashi Kanth Boddula" <shashi.boddula@xxxxxxxxxx>
wrote this mindboggling stuff, while thinking about the OS-BBQ.

(selectively-snipped-or-not-p)
Hi All,

I am looking for a good tool to detect brute-force and dictionary attacks on user accounts on a Linux system . The tool should also have the intelligence to differntiate between user mistakes and actual brute-force/dictionary attacks and reduce the false positives. SuSE/RedHat included security tools are not helping in this case .

Please , anyone knows any third party security tool or any opensource security  tool which solves my problem ?

A basic is allready in the system in the config of /etc/login.defs
login_delay 'nn sec' and max_retry 'nn' and log the fails.
A delay of 5 minutes after 2 failed is annoying enoug to most.

But how do you want to differentiate between "usert" and "uiser" ,
wich can be honest typoos or part of the dictionary , since dicts
trive on those 'typoos'.

Restricting access from only known external-IP_adresses is more helpful.
unless the attacks come from your own network, in wich case one can
just fire the malevolent element.

Cor

--
The biggest problem LISP has is that it does not apeal to dumb people
If all failed to satisfy you, try reading the HyperSpec or man frig
(defvar MyComputer '((OS . "GNU/Emacs") (IPL . "GNU/Linux")))