Re: Detecting Brute-Force and Dictionary attacks

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Shashi Kanth Boddula wrote:

Hi All,

I am looking for a good tool to detect brute-force and dictionary
attacks on user accounts on a Linux system . The tool should also
have the intelligence to differntiate between user mistakes and
actual brute-force/dictionary attacks and reduce the false
positives. SuSE/RedHat included security tools are not helping in
this case .

Please , anyone knows any third party security tool or any
opensource security tool which solves my problem ?

Thanks & Regards, Shashi Kanth,CISSP


Im pretty sure snort is what you are after. www.snort.org
If you find something better let me know.


rowlando
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFFOPpYn71Wg8vs0SURAnR0AJ9RKDyEXiYE4d9dSWITGzc6QQGBpQCcCM08
AD3KoEJweqA0ZZg/f4YzsrQ=
=NOMQ
-----END PGP SIGNATURE-----

Relevant Pages

  • Re: Multiple Failed Password Change Attempts!
    ... is not included and non default user accounts are being used which indicates ... auditing for "logon events" which can also help detect attacks. ... On both occasions about 50 change password attempts ... > Attached is an example from my security log of what has happened. ...
    (microsoft.public.win2000.security)
  • Re: AES-128 good enough for medical data?
    ... >> I don't think we can consider the attacks of Biham, and, later, Matsui ... broken because of its short and searchable key space. ... that is significantly faster than brute-force. ... attack seem, to me any way, significantly faster than brute-force. ...
    (sci.crypt)
  • RE: Detecting Brute-Force and Dictionary attacks
    ... n user accounts on a Linux system. ... ence to differntiate between user mistakes and actual brute-force/dictiona= ... ry attacks and reduce the false positives. ... There is a purely netfilter/iptables solution here: ...
    (Focus-Linux)