Re: Detecting Brute-Force and Dictionary attacks

Hi All ,

Several people replied with their suggestions and solutions on "detect 
brute-force and dictionary attacks in Linux". I am
very thank full to all who given solution to my problem, particularly  
pbrunk@uga.edu,John Forristel,rowlando,Rob,Hans,
zmnkh@chollian.net,Nic Stevens,Venkata Achanta,Nick,denis,Joe 
Vieira,alec,Manuel Arostegui,Cor and Greg Metcalfe .

Basically, looks like, there are three ways i can solve this issue , (1) by 
modifying existing system files , (2) integrate a
external module to your system either at a kernel level or at a PAM level , (3) 
put a external script

The solutions that i got from various sources are DenyHosts, System Watcher 
(Swatch), prevent, ossec, secwatch,Fail2Ban,
pam_abl, snort (i have big doubt on snort whether it can deliver this one at 
HIDS level) and login_sentry .

Well, i am in the process to evaluate all these solutions one-by-one, let me 
see which one has the great intelligence, then i
will get back to the list .

Once again , thank you very much to all.

Thanks & Regards
Shashi Kanth

Shashi Kanth Boddula wrote:
> Hi All,  
>
> I am looking for a good tool to detect brute-force and dictionary attacks on 
> user accounts on a Linux system . The tool should also have the intelligence 
> to differntiate between user mistakes and actual brute-force/dictionary 
> attacks and reduce the false positives. SuSE/RedHat included security tools 
> are not helping in this case . 
>
> Please , anyone knows any third party security tool or any opensource 
> security  tool which solves my problem ?
>
> Thanks & Regards,
> Shashi Kanth,CISSP