Re: brute force password attacks

To: Debian Users <debian-user@lists.debian.org>
Subject: Re: brute force password attacks
From: bob parker <bob_parker@dodo.com.au>
Date: Wed, 7 May 2003 05:04:35 +1000
Message-id: <[🔎] E19D7jw-0003fi-00@debian>
Reply-to: bob_parker@dodo.com.au
In-reply-to: <[🔎] C49522BBA18FD6118D7900A0C92BB591051F9F@CCIA_PDC>
References: <[🔎] C49522BBA18FD6118D7900A0C92BB591051F9F@CCIA_PDC>

On Tue, 6 May 2003 16:49, Joyce, Matthew wrote:
> I have seen several methods of stopping brute force password guessing
> attack in the past.
>
> NT has lockout setting, for locking account after x number of failed
> logins. I think Lotus used to extend the time between login ech failed
> attempt.
>
> Is there something similer for Debian ?
>
> I have port 22 open, and although I use strong passwords, I'm concerned
> that I would not know if this type of attack happened over aperiod of
> day/weeks etc.
>
>
> Any ideas ?
>
You could install logcheck. In it's default configuration it reports all 
failures including authentication.
Saves a whole lot of skimming logs manually.

HTH

Bob Parker

Reply to:

References:
- brute force password attacks
  - From: "Joyce, Matthew" <MJoyce@ccia.org.au>

Prev by Date: Re: CPU recommendations *avoid Intel-Shite*
Next by Date: TCP version on the default installation of Debian
Previous by thread: brute force password attacks
Next by thread: Re: brute force password attacks
Index(es):
- Date
- Thread