On 21/07/2010 10:08, Martijn de Munnik wrote:
>> The original message talks about bot brute-force attacks, but we can also be facing REAL brute-force attacks against a specific account .... and I think that some features to help mitigate those could indeed be interesting. And if those features exist, they could surely help against the brute-force attacks coming from dumb bots as well.
>> It won't solve the username=password specific case, but could help on real or bot brute-force attacks.
>> What do you think about that, Timo?
> Have a look at fail2ban, this is exactly what you need.
No, fail2ban is not exactly what I need. fail2ban is FAR from achieving what I wrote ...

Yes, fail2ban can ban an IP after wrong trials ..... but simply banning the IP (and maybe not the IP/username combination) can be a problem for companies that have lots of computers and access through NAT, i.e., a single internet IP address. fail2ban also cannot slow down replies for wrong username/password combinations.

fail2ban is a nice add-on for any system, but having something done by the daemon and not by some third-party log analyzer can make things MUCH smarter and MUCH more flexible.

Thanks for your tip, I already use fail2ban ... but that's far from achieving some more flexible rules that can be done when the daemon has some anti-brute-force features.
--
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
My SPAM trap, do NOT send email
gertrudes@solutti.com.br
My SPAMTRAP, do not email it
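The two properties Leonardo asks the daemon for, tracking failures per IP/username pair rather than per bare IP (so one bad client behind a NAT does not lock out its neighbours) and slowing down replies to wrong password attempts before any hard lock, sketched as an added Python example. This is not Dovecot's code and not code from anyone in the thread; the thresholds, delays, and the 203.0.113.7 / 198.51.100.9 addresses are constructed assumptions for illustration.

```python
import time
from dataclasses import dataclass, field


@dataclass
class LoginThrottle:
    """Tracks failed logins per (client IP, username) pair.

    Added example, not Dovecot's own code. Keying on the pair instead of
    the bare IP means one guesser behind a NAT does not lock out everyone
    else sharing that public address, and the growing delay slows a
    guesser down well before the hard lock kicks in.
    """
    # Tunables are assumptions for this example, not Dovecot settings.
    max_failures: int = 5        # recent failures that trigger a lock
    window: float = 600.0        # seconds a failure stays counted
    lock_time: float = 900.0     # seconds a lock lasts
    base_delay: float = 1.0      # delay after the first failure, seconds
    max_delay: float = 30.0      # cap on the reply delay, seconds
    _failures: dict = field(default_factory=dict)      # (ip, user) -> [timestamps]
    _locked_until: dict = field(default_factory=dict)  # (ip, user) -> expiry time

    def _recent(self, key, now):
        """Forget failures older than the window and return the survivors."""
        kept = [t for t in self._failures.get(key, []) if now - t < self.window]
        if kept:
            self._failures[key] = kept
        else:
            self._failures.pop(key, None)
        return kept

    def delay_for(self, n_failures):
        """Reply delay after n recent failures: 0, 1, 3, 7, ... capped at max_delay."""
        if n_failures <= 0:
            return 0.0
        return min(self.base_delay * (2 ** n_failures - 1), self.max_delay)

    def check(self, ip, user, now=None):
        """Return (allowed, seconds_to_wait) for an attempt from this pair."""
        now = time.time() if now is None else now
        key = (ip, user)
        until = self._locked_until.get(key, 0.0)
        if until > now:
            return False, until - now      # locked: wait for the lock to expire
        self._locked_until.pop(key, None)  # expired lock, clean it up
        return True, self.delay_for(len(self._recent(key, now)))

    def record(self, ip, user, success, now=None):
        """Record an attempt's outcome; return True if the pair is now locked."""
        now = time.time() if now is None else now
        key = (ip, user)
        if success:
            # A correct password clears the pair's history and any lock.
            self._failures.pop(key, None)
            self._locked_until.pop(key, None)
            return False
        recent = self._recent(key, now) + [now]
        self._failures[key] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[key] = now + self.lock_time
            return True
        return False


def demo():
    """Replay constructed attempts: a guesser and an innocent user behind one NAT IP."""
    throttle = LoginThrottle()
    nat_ip = "203.0.113.7"  # constructed address from the RFC 5737 documentation range
    out = {}
    for i in range(5):  # five wrong passwords for alice, one second apart
        throttle.record(nat_ip, "alice", success=False, now=100.0 + i)
    out["alice_allowed"], out["alice_wait"] = throttle.check(nat_ip, "alice", now=105.0)
    # bob shares the public IP but has a clean record, so he is not penalised
    out["bob_allowed"], out["bob_delay"] = throttle.check(nat_ip, "bob", now=105.0)
    # once the lock and the window have expired, alice's pair is accepted again
    out["alice_later"], _ = throttle.check(nat_ip, "alice", now=1005.0)
    return out


if __name__ == "__main__":
    print(demo())
```

A daemon would call `check()` before answering an authentication attempt, sleep for the returned delay on a wrong password, and feed the outcome to `record()`; because the state lives in the daemon, the same structure can be keyed on whatever combination the operator wants, which is the flexibility a log-scraping banner cannot offer.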