[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: changes to default password strength checks in pam_unix

On Mon, Sep 03, 2007 at 11:40:07PM -0400, John Kelly wrote:
> I stop brute force attacks by sending auth log messages to a FIFO which I 
> read with a perl script. After 10 login failures, your IP is firewalled for 
> 24 hours.

I have a rate-limiting iptables ruleset for SSH (and HTTP).  In my
experience, brute force attackers give up after the rate-limiter starts
tarpitting them.

See http://antti-juhani.kaijanaho.fi/stuff/ratelimit.txt

Antti-Juhani Kaijanaho, Jyväskylä

Attachment: signature.asc
Description: Digital signature

Reply to: