
Date:  Tue, 26 Dec 2006 22:55:19 -0500
From:  "Darrell D. Mobley" <dmobley (at mark) uhostme.net>
Subject:  [coba-e:08351] Re: Preventing dictionary attacks
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <007c01c7296a$d4482ac0$6400a8c0@YOUR4105E587B6>
In-Reply-To:  <4591D6F6.7020408 (at mark) dogsbody.org>
X-Mail-Count: 08351

I use sshdfilter and portsentry with pretty good success.  Sshdfilter is
really good as far as I am concerned.

> -----Original Message-----
> From: Dogsbody [mailto:dan (at mark) dogsbody.org]
> Sent: Tuesday, December 26, 2006 9:14 PM
> To: coba-e (at mark) bluequartz.org
> Subject: [coba-e:08347] Preventing dictionary attacks
> 
> Hi All,
> 
> The next thing on my list of things to do over Christmas :-)
> 
> I am taking a systematic look at each side of my servers to see if things can be
> done better.  While I currently have (home grown) protection for automated SSH
> attacks/probes the other services seem just as vulnerable especially if it's a
> real attack trying to crack a real person's password.
> 
> So what do people use?
> 
> I figure iptables is probably the best thing to use (instead of hosts.deny) but
> that does mean I'll have to build a firewall ruleset at the same time.  Tools
> that combine the two would be good.
> 
> iptables RECENT module would be good but does it work on the default CentOS BQ
> (v1.2.11)?  I also don't think it would work very well on POP3, IMAP & Apache??
> 
> Certainly there are separate apps I could use but it seems silly to run five
> separate apps to protect five services.  Most parse log files too which can't be
> the most instant/effective.
> 
> Links I have collected from previous posts...
> http://fail2ban.sourceforge.net/wiki/index.php/Main_Page
> http://sourceforge.net/projects/blocksshd/
> http://www.csc.liv.ac.uk/~greg/sshdfilter/
> http://www.rfxnetworks.com/bfd.php
> http://bluequartz.ixc.co.uk/
> 
> All and any suggestions welcome.
> 
> Thank you in advance
> 
> Dan