Re: Is this a reasonable approach?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Andy Armstrong wrote:
> > The module is complete and working now. It successfully rejects auth 
> > attempts from hosts that are responsible for excessive authentication 
> > failures according to a configurable set of rules.
> 
> Incidentally I assume this is what people are using for their attacks:
>   http://packetstormsecurity.nl/filedesc/hydra-4.5-src.tar.html
> 
> Its signature in terms of the timing of login attempts is the same as 
> the real attacks I've been seeing. It's also quite useful for stress 
> testing pam_abl :)
Somewhere I've got a homebrew PAM module that will log the username and
password of failed login attempts.  It was written to find out which
username / password combinations were being used for brute force attacks
on the sshd demons of some of our local LUG, if it's of any use to
anyone I'll happily submit it to the main PAM repository.

Cheers,
 - Martin

-- 
Martin
inkubus@xxxxxxxxxxxxxxxx
"Seasons change, things come to pass"

_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux