On 21/07/2010 10:08, Martijn de Munnik wrote:

the original message says about bot brute-force attacks, but we can be facing REAL brute-force attacks against a specific account .... and i think that some features to help mitigate those could indeed be interesting. And if those features exists, they could surely help on those brute-force attacks coming from dumb bots as well.

it wont solve the username=password specific case, but could help on real or bot brute-force attacks.

   what do you think on that Timo ?

Have a look at fail2ban, this is exactly what you need.


no, fail2ban is not exactly what i need. fail2ban is FAR from achieving what i wrote ...

yes, fail2ban can ban an IP after wrong trials ..... but simply banning the IP (and maybe not the IP/username combination) can be a problem for companies that have lots of computers and access through NAT, i.e., a single internet IP address. fail2ban also cannot slow down replies for wrong username/password combinations.

fail2ban is a nice add-on for any system, but having something done by the daemon and not by some third-party log analyzer can make things MUCH smarter and MUCH more flexible.

thanks for your tip, i already use fail2ban ... but that's far from achieving some more flexible rules that can be done when the daemon has some anti-brute-force features.

--


        Sincerely,
        Leonardo Rodrigues
        Solutti Tecnologia
        http://www.solutti.com.br

        My SPAM trap, do NOT send email to it
        gertru...@solutti.com.br
        My SPAMTRAP, do not email it
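The per-(IP, username) throttle with slowed replies that the message above argues a daemon could do, as an added illustration that is not part of the thread and is not Dovecot's or fail2ban's code; the class name, the thresholds and the sample addresses are assumed:

```python
import time
from collections import defaultdict


class AuthThrottle:
    """Track failed logins per (client IP, username) pair (hypothetical design).

    Counting per pair means one bad login behind a NAT gateway does not
    lock out everyone else sharing that public address, and the reply
    delay doubles with each consecutive failure to slow down guessing.
    """

    def __init__(self, max_failures=5, base_delay=1.0, max_delay=30.0, window=600):
        self.max_failures = max_failures   # failures in the window before lockout
        self.base_delay = base_delay       # seconds of stall after the first failure
        self.max_delay = max_delay         # cap on the stall so legit users recover
        self.window = window               # seconds a failure stays counted
        self.failures = defaultdict(list)  # (ip, user) -> [failure timestamps]

    def _recent(self, key, now):
        # Drop failures older than the window, then return the live list.
        cutoff = now - self.window
        self.failures[key] = [t for t in self.failures[key] if t > cutoff]
        return self.failures[key]

    def delay_for(self, ip, user, now=None):
        """Seconds to stall the reply to this attempt (0.0 means answer at once)."""
        now = time.time() if now is None else now
        n = len(self._recent((ip, user), now))
        if n == 0:
            return 0.0
        return min(self.base_delay * 2 ** (n - 1), self.max_delay)

    def is_locked(self, ip, user, now=None):
        """True once this IP/username pair has exhausted its failure budget."""
        now = time.time() if now is None else now
        return len(self._recent((ip, user), now)) >= self.max_failures

    def record(self, ip, user, success, now=None):
        """Update the counter after an authentication attempt."""
        now = time.time() if now is None else now
        key = (ip, user)
        if success:
            self.failures.pop(key, None)   # a good login clears the pair's history
        else:
            self._recent(key, now).append(now)
```

A daemon would call `delay_for` before answering a failed attempt, sleep that long, and refuse outright once `is_locked` is true; the constructed addresses in the test are documentation-range values.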



