Thanks Sean. Surprising how few tools there are for this purpose. pam_tally is a start but not really the full solution I was expecting to find.

The theory is simply that once you see suspicious activity of any kind from an IP, then there is a good chance that IP is going to scan for other holes as well, so you'd want to shut them down early.

Of course, any automatic firewall based on attack signatures might then be subject to denial of service because of IP spoofing, so perhaps that's why it isn't more commonplace.

--
John Lange
President OpenIT ltd.
www.Open-IT.ca (204) 885 0872
VoIP, Web services, Linux Consulting, Server Co-Location

On Thu, 2005-05-12 at 12:13 -0500, Sean A. Walberg wrote:
On Thu, 12 May 2005, Gilles Detillieux wrote:
It mentions pam_abl, which I had happened across just last week, but haven't tried out yet. It's available here:
pam_tally works well to stop brute force attacks against users. It locks accounts out after N attempts, rather than the firewall approach. The benefit, though, is that it's part of the standard RedHat/Fedora install.
Sean