Res: NetBSD-3.1 was attacked: Bug of SSHD or cyrus-sasl?

To: Hubert Feyrer <hubert%feyrer.de@localhost>, David Sheryn <dhs%chromiq.org@localhost>
Subject: Res: NetBSD-3.1 was attacked: Bug of SSHD or cyrus-sasl?
From: Daniel Cid <danielcid%yahoo.com.br@localhost>
Date: Fri, 12 Jan 2007 07:03:27 -0800 (PST)

I would also suggest you to take look at OSSEC to block password
guessing attacks. It does not only can block based on SSHD brute
force attacks, but also on FTP, web-based (webmails), etc.

Basically, it monitors multiple log files and when it finds sequenced
failed password attempts from the same ip, it can execute active-response
scripts to block them. Another benefit of it is that it also performs
file integrity checking and rootkit detection, so you can have a little
more information about what is happening.

Link: http://www.ossec.net

Hope it helps..

Daniel Cid

----- Mensagem original ----
De: Hubert Feyrer <hubert%feyrer.de@localhost>
Para: David Sheryn <dhs%chromiq.org@localhost>
Cc: Eric Rudolph Pizzani <erp%digitalserenity.net@localhost>; Water NB 
<netbsd78%126.com@localhost>; pkgsrc-users%NetBSD.org@localhost; 
tech-net%NetBSD.org@localhost; tech-pkg%NetBSD.org@localhost; 
netbsd-users%NetBSD.org@localhost
Enviadas: Sexta-feira, 12 de Janeiro de 2007 8:58:24
Assunto: Re: NetBSD-3.1 was attacked: Bug of SSHD or cyrus-sasl?

On Fri, 12 Jan 2007, David Sheryn wrote:
> http://fail2ban.sourceforge.net/ or similar ? (not tried it myself)  Any
> other suggestions ?

See "Fighting ssh password guessing attempts (Update #2)" at 
http://www.feyrer.de/NetBSD/blog.html/nb_20060107_2016.html

  - Hubert

__________________________________________________
Fale com seus amigos  de graça com o novo Yahoo! Messenger 
http://br.messenger.yahoo.com/

Prev by Date: Re: pkgsrc idea
Next by Date: Re: NetBSD-3.1 was attacked: Bug of SSHD or cyrus-sasl?
Previous by Thread: [no subject]
Next by Thread: Mesa-devel package
Indexes:

Home | Main Index | Thread Index | Old Index