Mailinglist Archive: opensuse-security (69 mails)

Re: [suse-security] Detecting Brute-Force and Dictionary attacks
  • From: <pedrocsort-e@xxxxxxxxx>
  • Date: Wed, 18 Oct 2006 07:22:28 -0700 (PDT)
  • Message-id: <20061018142228.45741.qmail@xxxxxxxxxxxxxxxxxxxxxxx>
Hi,

You can start by checking the log files.
I do not know if this can help, but in my particular
case I installed Python and I run DenyHosts as a
daemon, and that automates the tasks of detecting
and preventing attacks.
DenyHosts checks the log files and, if there is an
attempt to brute force, it places a line in
/etc/hosts.deny.
So some services running under tcpwrap can be very
simply "controlled" in this manner.
Also of great importance is to use in the sshd config
the directives AllowUsers and DenyUsers.
The "usual" targets are the very well-known system users
like wwwrun, tomcat, root and so on.
Those should be prevented from an external login.
But of course your solution depends a bit on what is
the purpose of that precise brute force monitoring ...
and exact service you are monitoring ...

Regards,
Pedro Coelho

--- Shashi Kanth Boddula <shashi.boddula@xxxxxxxxxx>
wrote:

> Hi All,
>
> I am looking for a good tool to detect brute-force
> and dictionary attacks on user accounts on a Linux
> system. The tool should also have the intelligence
> to differentiate between user mistakes and actual
> brute-force/dictionary attacks and reduce the false
> positives. SLES9/SLES10 included security tools are
> not helping in this case. The seccheck package
> functionality is also not matching my requirement.
>
>
> Please, does anyone know of any third-party security tool
> or any open-source security tool which solves my
> problem?
>
>
> Thanks & Regards,
> Shashi Kanth,CISSP
>
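
An added example, not part of the original mail and not DenyHosts' own code: a minimal sketch of the log-based detection described in the reply, which also addresses the question's point about separating user mistakes from attacks. The scoring weights, the threshold of 5, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Accounts the post names as usual targets; assumed to have no remote logins.
SYSTEM_USERS = {"root", "wwwrun", "tomcat"}
THRESHOLD = 5  # assumed score at which a source address is blocked

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from (\S+)")

def score_sources(lines):
    """Return {ip: score}. A successful login clears that source's typo count."""
    typos = defaultdict(int)    # failures against real, non-system accounts
    hostile = defaultdict(int)  # failures against unknown or system accounts
    for line in lines:
        m = FAILED.search(line)
        if m:
            invalid, user, ip = m.groups()
            if invalid or user in SYSTEM_USERS:
                hostile[ip] += 2  # weighted: ordinary users rarely cause these
            else:
                typos[ip] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            typos[m.group(1)] = 0  # login succeeded: earlier failures were mistakes
    return {ip: hostile[ip] + typos[ip] for ip in set(hostile) | set(typos)}

def hosts_deny_lines(lines, threshold=THRESHOLD):
    """Build tcp_wrappers entries for sources at or above the threshold."""
    scores = score_sources(lines)
    return sorted(f"sshd: {ip}" for ip, s in scores.items() if s >= threshold)

# Constructed sample log lines using documentation address ranges.
P = "Oct 18 07:00:00 host sshd[811]: "
SAMPLE = [
    P + "Failed password for invalid user admin from 203.0.113.5 port 4021 ssh2",
    P + "Failed password for root from 203.0.113.5 port 4022 ssh2",
    P + "Failed password for tomcat from 203.0.113.5 port 4023 ssh2",
    P + "Failed password for alice from 198.51.100.7 port 5100 ssh2",
    P + "Failed password for alice from 198.51.100.7 port 5101 ssh2",
    P + "Accepted password for alice from 198.51.100.7 port 5102 ssh2",
] + [P + f"Failed password for bob from 192.0.2.44 port {6000 + n} ssh2" for n in range(5)]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(SAMPLE)))
```

The returned strings use the `daemon: client` form of /etc/hosts.deny; the sketch only builds them and does not write the file.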

