Re: Detecting Brute-Force and Dictionary attacks
From: Denis Pugnere (d.pugnereipnl.in2p3.fr)
Date: Wed Oct 25 2006 - 02:54:49 CDT
> I am looking for a good tool to detect brute-force and dictionary attacks on
> user accounts on a Linux system. The tool should also have the intelligence
> to differentiate between user mistakes and actual brute-force/dictionary
> attacks and reduce the false positives. SuSE/RedHat included security tools
> are not helping in this case.
> Please, anyone knows any third party security tool or any opensource security
> tool which solves my problems.
Take a look at pam_abl, it seems to fill your requirements.
It works great!
From the pam_abl site: "Provides auto blacklisting of hosts and users
responsible for repeated failed authentication attempts. Generally
configured so that blacklisted users still see normal login prompts but
are guaranteed to fail to authenticate."
It can block remote hosts that have already tried ssh accounts n times, with
thresholds like 10 failed attempts per hour, and/or 30 failed attempts per
in this example, the rule is :
It can also block accounts on thresholds.
 : http://www.hexten.net/pam_abl/
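
The threshold idea described in the reply above (a host is blocked after 10 failed attempts per hour), sketched as an added example over sshd log lines; this is not pam_abl's code or its configuration syntax. The sshd log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches OpenSSH "Failed password" syslog lines (format assumed; adjust for your sshd/syslog).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<host>\S+) port \d+"
)

def parse(line, year=2006):
    """Return (timestamp, user, host) for a failed-login line, else None."""
    m = FAILED.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["host"]

def blacklist(lines, key="host", limit=10, window=timedelta(hours=1)):
    """Return {host or user: time the threshold was reached} for every key
    with `limit` or more failures inside a sliding `window`."""
    recent = defaultdict(deque)  # key -> failure timestamps still inside the window
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, user, host = rec
        k = host if key == "host" else user
        q = recent[k]
        q.append(ts)
        while q and ts - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= limit and k not in flagged:
            flagged[k] = ts
    return flagged

def sample_log():
    """Constructed log: 12 guesses in a minute from one host, 3 typos by one user over 4 hours."""
    attack = [f"Oct 25 02:10:{s:02d} gw sshd[4100]: Failed password for invalid user "
              f"test{s} from 192.0.2.10 port 40000 ssh2" for s in range(0, 60, 5)]
    typos = [f"Oct 25 {h:02d}:30:00 gw sshd[4200]: Failed password for alice "
             f"from 198.51.100.7 port 50000 ssh2" for h in (3, 5, 7)]
    ok = ["Oct 25 07:31:00 gw sshd[4200]: Accepted password for alice "
          "from 198.51.100.7 port 50000 ssh2"]
    return attack + typos + ok
```

Counting per host catches one source guessing many account names, while counting per user (`key="user"`) catches one account targeted from many sources; the occasional mistyped password stays under either threshold.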