Re: Detecting Brute-Force and Dictionary attacks



On Thu, Oct 26, 2006 at 07:12:17PM +0530, shashi wrote:
Hi All,

Several people replied with their suggestions and solutions on "detect brute-force and dictionary attacks in Linux". I am
very thankful to all who gave solutions to my problem, particularly pbrunk@xxxxxxx, John Forristel, rowlando, Rob, Hans,
zmnkh@xxxxxxxxxxxx, Nic Stevens, Venkata Achanta, Nick, denis, Joe Vieira, alec, Manuel Arostegui, Cor and Greg Metcalfe.

Basically, it looks like there are three ways I can solve this issue: (1) by modifying existing system files, (2) integrate an
external module to your system either at a kernel level or at a PAM level, (3) put an external script

The solutions that I got from various sources are DenyHosts, System Watcher (Swatch), prevent, ossec, secwatch, Fail2Ban,
pam_abl, snort (I have a big doubt on snort, whether it can deliver this one at HIDS level) and login_sentry.

And one more from me =) Previously posted to the list. It's a script-based
approach monitoring log files (ssh and apache modules included) and
iptables to ban IPs. It also supports managing the ban list across multiple
hosts.

http://jason.mindsocket.com.au/pages/linux/ipb-monitor/


Regards,

Jason Nicholls
--------------------------------------------------------------------
Jason Nicholls email: <jason@xxxxxxxxxxxxxxxxx>
http://jason.mindsocket.com.au/ cell: 206 310 4239 (US)
--------------------------------------------------------------------
pgp/gpg id: 0xC3844959
fingerprint: 7F7A 5846 4E94 459C 104D A979 7079 24CF C384 4959
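
The log-monitoring approach discussed in this thread (watch the auth log, count failures per source address, ban through iptables), as an added example that is not code from ipb-monitor or any tool named above. The log lines are constructed samples, and the threshold, window and function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation IP ranges, made-up host).
SAMPLE_LOG = """\
Oct 26 19:10:01 host sshd[2101]: Failed password for root from 203.0.113.5 port 4001 ssh2
Oct 26 19:10:03 host sshd[2102]: Failed password for invalid user admin from 203.0.113.5 port 4002 ssh2
Oct 26 19:10:04 host sshd[2103]: Failed password for alice from 198.51.100.7 port 5100 ssh2
Oct 26 19:10:06 host sshd[2104]: Failed password for invalid user x from 192.0.2.9 port 22 from 203.0.113.5 port 4003 ssh2
Oct 26 19:10:09 host sshd[2105]: Accepted password for alice from 198.51.100.7 port 5101 ssh2
Oct 26 19:10:10 host sshd[2106]: Failed password for invalid user oracle from 203.0.113.5 port 4004 ssh2
Oct 26 19:25:00 host sshd[2200]: Failed password for bob from 198.51.100.7 port 6000 ssh2
"""

# The username is attacker-controlled text, so anchor on the END of the line:
# the greedy ".*" makes the last "from <ip> port <n>" (written by sshd) win.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r".* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d)?\s*$")

def parse_failure(line, year=2006):
    """Return (timestamp, source_ip) for a failed-password line, else None."""
    m = FAILED.match(line)
    if not m:
        return None
    # syslog timestamps carry no year, so the caller supplies one
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2)

def find_offenders(log_text, threshold=4, window=timedelta(seconds=60)):
    """IPs with at least `threshold` failures inside one sliding window."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    offenders = []
    for line in log_text.splitlines():
        hit = parse_failure(line)
        if hit is None:
            continue
        ts, ip = hit
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ip not in offenders:
            offenders.append(ip)
    return offenders

def ban_commands(ips):
    """Build, but do not run, iptables rules dropping traffic from each IP."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]

if __name__ == "__main__":
    print("\n".join(ban_commands(find_offenders(SAMPLE_LOG))))
```

The fourth sample line carries a username that embeds a second address; because the pattern is anchored at the end of the line, the failure is counted against the address sshd recorded, so a crafted username cannot get an unrelated host banned.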