RE: Detecting Brute-Force and Dictionary attacks

I am looking for a good tool to detect brute-force and dictionary attacks on
user accounts on a Linux system. The tool should also have the intelligence
to differentiate between user mistakes and actual brute-force/dictionary
attacks and reduce the false positives. SuSE/RedHat included security tools
are not helping in this case.

There is a purely netfilter/iptables solution here:

that example is for SSH, but you can probably tweak it to do what you need.

For kernels that don't have all the netfilter modules compiled in, I wrote
a program to monitor my logs and add a rule to the INPUT chain to block
repeated connections with accounts that don't exist. The actual iptables
command looks something like:

/sbin/iptables -A INPUT -p tcp --dport 22 -s $IP -j DROP

End of line.
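
A sketch of the log-monitoring approach described in the reply above, added here as an example; it is not the poster's program. It assumes OpenSSH's "Invalid user NAME from ADDR" log message and a hypothetical threshold of three distinct nonexistent accounts per source address, and it only builds the iptables command rather than running it.

```python
import ipaddress
import re
from collections import defaultdict

# Matches OpenSSH's "Invalid user NAME from ADDR" message; the address is the
# last token before an optional "port N" so a crafted username cannot spoof it.
INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user (?P<user>.*) from (?P<ip>\S+)(?: port \d+)?$")

THRESHOLD = 3  # assumed: distinct nonexistent accounts before blocking

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
Jan 10 03:12:01 host sshd[811]: Invalid user admin from 203.0.113.5 port 40112
Jan 10 03:12:03 host sshd[813]: Invalid user oracle from 203.0.113.5 port 40120
Jan 10 03:12:04 host sshd[815]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Jan 10 03:12:06 host sshd[817]: Invalid user test from 203.0.113.5 port 40131
Jan 10 03:12:09 host sshd[819]: Invalid user alcie from 198.51.100.7 port 51004
Jan 10 03:12:11 host sshd[821]: Invalid user x from 10.0.0.1 from not-an-ip port 1
"""

def offenders(log_text, threshold=THRESHOLD):
    """Return sorted source IPs that tried >= threshold distinct unknown users."""
    users_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        m = INVALID_USER.search(line)
        if not m:
            continue  # wrong passwords on real accounts are ignored
        try:
            ip = str(ipaddress.IPv4Address(m.group("ip")))
        except ValueError:
            continue  # never pass an unvalidated log field to iptables
        users_by_ip[ip].add(m.group("user"))
    return sorted(ip for ip, users in users_by_ip.items() if len(users) >= threshold)

def block_rule(ip):
    """Build the argv for the rule quoted in the post (not executed here)."""
    return ["/sbin/iptables", "-A", "INPUT", "-p", "tcp", "--dport", "22", "-s", ip, "-j", "DROP"]

if __name__ == "__main__":
    for ip in offenders(SAMPLE_LOG):
        print(" ".join(block_rule(ip)))
```

Counting distinct nonexistent usernames, rather than raw failures, keeps a legitimate user who mistypes a password or a single account name below the threshold.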