RE: Detecting Brute-Force and Dictionary attacks
From: John Forristel (SunGard-Chico) (John.Forristelsungardbi-tech.com)
Date: Thu Oct 19 2006 - 09:43:48 CDT
Using System Watcher (Swatch) is very easy. Set the swatchrc file to watch the /var/log/messages file and trigger on a keyword (incorrect, unauthorized, failed, etc.), and email you when it happens. Or set it to log to a file that emails you every hour/5 hours/day.
You can even set Swatch to execute an NMAP command then write to a file, so you have the login they were trying to use and where it came from.
John Forristel | SunGard Bi-Tech LLC | Network Security Analyst | UNIX and Linux Administration | (w) 530-879-2897 | 6:00am to 3:00pm
From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com] On Behalf Of Shashi Kanth Boddula
Sent: Wednesday, October 18, 2006 3:02 AM
Subject: Detecting Brute-Force and Dictionary attacks
I am looking for a good tool to detect brute-force and dictionary attacks on user accounts on a Linux system. The tool should also have the intelligence to differentiate between user mistakes and actual brute-force/dictionary attacks and reduce the false positives. SuSE/RedHat included security tools are not helping in this case.
Please, does anyone know of any third-party security tool or any open-source security tool which solves my problem?
Thanks & Regards,
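
The distinction the original question asks for, between a user mistyping a password and a brute-force or dictionary run, can be drawn from the same log lines a keyword watcher triggers on. The following is an added example, not part of either message and not Swatch's own code; the OpenSSH-style line format, the thresholds and the name `classify` are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds, tune per site: failures from one source within WINDOW.
WINDOW = timedelta(minutes=5)
MAX_FAILS = 5   # this many failures in the window -> brute force
MAX_USERS = 3   # this many distinct accounts tried -> dictionary attack

# Assumed input: OpenSSH password events in classic syslog format.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<kind>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+")

def classify(lines, year=2006):
    """Return {source_ip: verdict}; sources below every threshold are omitted."""
    recent, verdict = defaultdict(deque), {}   # recent: source -> (time, user)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        src, user, q = m["src"], m["user"], recent[m["src"]]
        while q and ts - q[0][0] > WINDOW:   # expire failures outside window
            q.popleft()
        if m["kind"] == "Accepted":
            # A few misses then success on one account: likely a typo.
            # A source already flagged as an attack is never downgraded.
            if q and src not in verdict and {u for _, u in q} == {user}:
                verdict[src] = "user-mistake"
            q.clear()
            continue
        q.append((ts, user))
        if len({u for _, u in q}) >= MAX_USERS:
            verdict[src] = "dictionary-attack"
        elif len(q) >= MAX_FAILS:
            verdict[src] = "brute-force"
    return verdict

# Constructed sample lines (documentation address ranges, not real events).
_F = "Oct 18 03:{:02d}:{:02d} host1 sshd[101]: Failed password for {} from {} port 4000 ssh2"
SAMPLE = (
    [_F.format(0, s, "alice", "192.0.2.10") for s in (1, 20)]
    + ["Oct 18 03:00:41 host1 sshd[101]: Accepted password for alice from 192.0.2.10 port 4000 ssh2"]
    + [_F.format(1, i, u, "198.51.100.7") for i, u in enumerate(["root", "invalid user admin", "invalid user test"])]
    + [_F.format(2, s, "root", "203.0.113.9") for s in range(0, 50, 10)]
)
```

Failures spaced further apart than `WINDOW` never accumulate, so a slow guesser stays below both thresholds; a longer second window would be needed to catch that case.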