Article 9215 at 07/03/17 08:43:06 From: blists (at mark) nobaloney.net Subject: [coba-e:09215] Re: dictionary attack

Index: [Article Count Order] [Thread]

Date:  Fri, 16 Mar 2007 15:42:55 -0800
From:  Jeff Lasman <blists (at mark) nobaloney.net>
Subject:  [coba-e:09215] Re: dictionary attack
To:  coba-e (at mark) bluequartz.org
Message-Id:  <200703161642.55899.blists (at mark) nobaloney.net>
In-Reply-To:  <02c901c7674e$63470fe0$6700a8c0@OfficeKen>
References:  <02c901c7674e$63470fe0$6700a8c0@OfficeKen>
X-Mail-Count: 09215

On Thursday 15 March 2007 03:07 pm, Ken Marcus - Precision Web Hosting, 
Inc. wrote:

> Does anyone know of a good scripts for blocking IPs with too many
> authentication failures. 6128  attempts from this one IP.

Ken, you might want to check out the APF+BFD firewall.  BFD stands for 
"Brute Force Detection".

If it doesn't do it by default it can be configured to read any logfile.

Jeff
-- 
Jeff Lasman, Nobaloney Internet Services
P.O. Box 52200, Riverside, CA  92517
Our blists address used on lists is for list email only
voice:  +1 951 643-7540, or see: 
"http://www.nobaloney.net/contactus.html";