
Date:  Thu, 28 Dec 2006 10:29:38 -0800 (PST)
From:  Herb Rubin <herbr (at mark) pfinders.com>
Subject:  [coba-e:08374] Re: Preventing dictionary attacks
To:  coba-e (at mark) bluequartz.org
Message-Id:  <8165684.1641167330578344.JavaMail.root (at mark) z01.pfinders.com>
In-Reply-To:  <200612281119.43883.bq (at mark) solarspeed.net>
X-Mail-Count: 08374

Michael,

> That problem doesn't exist with the approach that uses IPTables and the 
> "recent" module. All bans/blocks happen instantly, are temporary and expire 
> by themselves. Adding an address to the banlist or removing it doesn't 
> require a restart of the firewall itself. Likewise, the entire procedure 
> happens on the kernel level, so you don't need to parse logfiles 
> periodically.

You mean you don't have to parse the /var/log/maillog? How do you detect the dictionary
attackers?

Is the "recent module" a standard part of IPTables? 

Herb

-- 
Herb Rubin
Pathfinders Software
http://www.pfinders.com
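
An added example, not taken from this thread or from any poster's firewall: one way the "recent" match quoted above can block a source address by counting its new connections in the kernel, with no log file involved. The port (25), the 60-second window, the hit count of 5 and the list name `mailguard` are assumptions; the script only prints the commands so they can be reviewed first.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands for review;
# nothing is applied. Port, window, hit count and list name are assumptions.

# build_rules PORT WINDOW_SECONDS HITS LIST_NAME
build_rules() {
    port="${1:-25}" window="${2:-60}" hits="${3:-5}" list="${4:-mailguard}"

    # Reject anything that is not a plain positive integer.
    for v in "$port" "$window" "$hits"; do
        case "$v" in
            ''|*[!0-9]*|0) echo "not a positive integer: '$v'" >&2; return 1 ;;
        esac
    done
    # The list name ends up on a command line; keep it to safe characters.
    case "$list" in
        ''|*[!A-Za-z0-9_]*) echo "bad list name: '$list'" >&2; return 1 ;;
    esac
    # The module keeps 20 timestamps per address by default
    # (ip_pkt_list_tot), so a larger hit count cannot be evaluated.
    if [ "$hits" -gt 20 ]; then
        echo "hits must be <= 20 unless ip_pkt_list_tot is raised" >&2
        return 1
    fi

    match="-p tcp --dport $port -m state --state NEW -m recent --name $list"
    # Rule 1: record source address and timestamp of every NEW connection.
    echo "iptables -A INPUT $match --set"
    # Rule 2: drop once the address has reached $hits NEW connections inside
    # $window seconds. --update refreshes the timestamp on each match, so the
    # block lifts by itself after the source stays quiet for $window seconds.
    echo "iptables -A INPUT $match --update --seconds $window --hitcount $hits -j DROP"
}

build_rules "$@"
```

The match counts connection attempts per address, not failed logins, so a busy legitimate relay can trip the same threshold and may need an earlier ACCEPT rule.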