Re: Intrusion Detection Systems




On 9/26/07, John Hinton <webmaster@xxxxxxxx> wrote:
> Situation: We are providing hosting services.
>
> I've grown tired of the various kiddie scripts/dictionary attacks on
> various services. The latest has been against vsftpd, on systems that I
> can't easily control vs. putting strict limits on ssh. We simply have
> too many users entering from too many networks, many with dynamic IP
> addresses.
>
> Enter.... thinking about LIDS or Log Based Intrusion Detection.
>
> I've run across four systems.
>
> Blockhosts, DenyHosts, fail2ban and OSSEC.
>
> DenyHosts apparently only works with ssh, so I've discounted using that.

DenyHosts will work with anything that uses tcp_wrappers. You can futz
it to work with ssh, vsftpd, etc. However, beyond that I can't be of
much help at the moment. I would say go with multiple layers as much
as possible.



-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
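
The mechanism the reply above relies on, as an added example that is not part of the original post and is not DenyHosts' own code: count failed logins per client in a service log and emit tcp_wrappers deny entries keyed by daemon name. The log lines are constructed samples in vsftpd's log format, the function names and the threshold are assumptions, and vsftpd only consults hosts.deny when `tcp_wrappers=YES` is set in vsftpd.conf.

```python
import re
from collections import Counter

# Constructed sample in the line format vsftpd writes to its log file.
# The "::ffff:" prefix is how an IPv4 client appears on an IPv6 listener.
SAMPLE_LOG = '''\
Wed Sep 26 03:12:41 2007 [pid 2912] [admin] FAIL LOGIN: Client "203.0.113.7"
Wed Sep 26 03:12:44 2007 [pid 2915] [root] FAIL LOGIN: Client "203.0.113.7"
Wed Sep 26 03:12:47 2007 [pid 2918] [test] FAIL LOGIN: Client "203.0.113.7"
Wed Sep 26 03:12:50 2007 [pid 2921] [ftp] FAIL LOGIN: Client "203.0.113.7"
Wed Sep 26 08:30:02 2007 [pid 3107] [jsmith] FAIL LOGIN: Client "198.51.100.20"
Wed Sep 26 08:30:15 2007 [pid 3109] [jsmith] OK LOGIN: Client "198.51.100.20"
Wed Sep 26 09:01:10 2007 [pid 3250] [web] FAIL LOGIN: Client "::ffff:192.0.2.44"
Wed Sep 26 09:01:13 2007 [pid 3252] [web] FAIL LOGIN: Client "::ffff:192.0.2.44"
Wed Sep 26 09:01:16 2007 [pid 3254] [www] FAIL LOGIN: Client "::ffff:192.0.2.44"
'''

# Match failed logins only; strip the IPv4-mapped prefix so the same client
# is counted once and the address is usable as a plain hosts.deny pattern.
FAIL_RE = re.compile(
    r'\[pid \d+\] \[[^\]]*\] FAIL LOGIN: '
    r'Client "(?:::ffff:)?(\d{1,3}(?:\.\d{1,3}){3})"'
)

def count_failures(log_text, allowlist=frozenset()):
    """Return failed-login counts per client IP, skipping allowlisted IPs."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m and m.group(1) not in allowlist:
            counts[m.group(1)] += 1
    return counts

def hosts_deny_lines(counts, threshold=3, daemon="vsftpd"):
    """Build 'daemon: client' entries for clients at or over the threshold."""
    return [f"{daemon}: {ip}" for ip, n in sorted(counts.items())
            if n >= threshold]

if __name__ == "__main__":
    # A user who mistypes once and then logs in stays below the threshold.
    for entry in hosts_deny_lines(count_failures(SAMPLE_LOG)):
        print(entry)
```

Swapping the `daemon` argument and the regular expression is all that changes per service, which is why one hosts.deny file can cover every tcp_wrappers-aware daemon on the host.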
