Subject: Res: NetBSD-3.1 was attacked: Bug of SSHD or cyrus-sasl?
To: Hubert Feyrer , David Sheryn <dhs@chromiq.org>
From: Daniel Cid <danielcid@yahoo.com.br>
List: netbsd-users
Date: 01/12/2007 07:03:27
I would also suggest you to take look at OSSEC to block password
guessing
attacks. It does not only can block based on SSHD brute
force attacks, but
also on FTP, web-based (webmails), etc.

Basically, it monitors multiple log
files and when it finds sequenced
failed password attempts from the same ip,
it can execute active-response
scripts to block them. Another benefit of it is
that it also performs
file integrity checking and rootkit detection, so you
can have a little
more information about what is happening.

Link:
http://www.ossec.net

Hope it helps..

Daniel Cid

----- Mensagem original
----
De: Hubert Feyrer <hubert@feyrer.de>
Para: David Sheryn <dhs@chromiq.org>
Cc: Eric Rudolph Pizzani <erp@digitalserenity.net>; Water NB
<netbsd78@126.com>; pkgsrc-users@NetBSD.org; tech-net@NetBSD.org;
tech-pkg@NetBSD.org; netbsd-users@NetBSD.org
Enviadas: Sexta-feira, 12 de
Janeiro de 2007 8:58:24
Assunto: Re: NetBSD-3.1 was attacked: Bug of SSHD or
cyrus-sasl?

On Fri, 12 Jan 2007, David Sheryn wrote:
>
http://fail2ban.sourceforge.net/ or similar ? (not tried it myself)  Any
>
other suggestions ?

See "Fighting ssh password guessing attempts (Update #2)"
at 
http://www.feyrer.de/NetBSD/blog.html/nb_20060107_2016.html


  - Hubert
__________________________________________________
Fale com seus amigos  de
graça com o novo Yahoo! Messenger 
http://br.messenger.yahoo.com/