On Dec 8, 2006, at 8:49 AM, Philippe B. Laval wrote:
> Thanks to all the suggestions I got. I am not a security expert on systems,
> but I have learned some since my system has been attacked. Hackers usually
> attack a system from other systems. When they have been discovered
> attacking from a system, they'll switch to a new one. Therefore, the IP
> addresses from which they attack are never the same. However, they can be
> spotted. Usually, the logs will show a specific IP address either trying to
> log into a single account repeatedly (meaning they are trying various
> passwords) or trying various accounts (meaning the hacker is trying to find
> an existing account on the machine). I was hoping (am hoping) that there is
> some software that can track this. When a login fails, the software should
> be able to determine if that IP is a legitimate user who just typed the
> wrong password or somebody conducting a systematic attack of the system.
> Does such a protection exist?
There is a Python script called DenyHosts that does something like
what you're asking for:
http://denyhosts.sourceforge.net/faq.html
Best,
---
Lee Capps
Technology Specialist
lcapps cteresource.org
_______________________________________________
rhn-users mailing list
rhn-users redhat.com
https://www.redhat.com/mailman/listinfo/rhn-users
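
The distinction raised in the quoted question (one address repeatedly failing on a single account versus one address trying many account names) can be checked directly against sshd "Failed password" log lines. The following is an added example, not part of the original messages and not DenyHosts' code; the thresholds, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# The username is remote-controlled text, so match greedily and anchor on the
# end of the line: the source address is the LAST " from <ip> port <n>" field.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*)"
    r" from (\S+) port \d+(?: ssh\d?)?$")

MAX_FAILS_PER_ACCOUNT = 5  # assumed threshold: repeated guesses at one account
MAX_DISTINCT_ACCOUNTS = 3  # assumed threshold: probing for account names

def classify(lines):
    """Map each source IP seen in sshd 'Failed password' lines to a verdict."""
    per_ip = defaultdict(Counter)  # ip -> Counter of usernames it failed on
    for line in lines:
        m = FAILED.search(line.rstrip())
        if m:
            user, ip = m.groups()
            per_ip[ip][user] += 1
    verdicts = {}
    for ip, users in per_ip.items():
        if len(users) >= MAX_DISTINCT_ACCOUNTS:
            verdicts[ip] = "account-scan"
        elif max(users.values()) >= MAX_FAILS_PER_ACCOUNT:
            verdicts[ip] = "password-guessing"
        else:
            verdicts[ip] = "likely-typo"
    return verdicts

def _fail(user, ip, invalid=False):
    """Build one constructed log line in OpenSSH's syslog format."""
    who = f"invalid user {user}" if invalid else user
    return (f"Dec  8 08:00:00 host sshd[100]: Failed password for {who} "
            f"from {ip} port 4000 ssh2")

# Constructed sample input (documentation address ranges, not real hosts).
SAMPLE = (
    [_fail("alice", "192.0.2.10")]
    + [_fail(u, "198.51.100.7", invalid=True) for u in ("admin", "test", "guest")]
    + [_fail("root", "203.0.113.5")] * 6
    # A username that embeds a fake "from" field must not shift the blame.
    + [_fail("x from 192.0.2.99 port 1 ssh2", "203.0.113.9", invalid=True)]
)

if __name__ == "__main__":
    for ip, verdict in sorted(classify(SAMPLE).items()):
        print(ip, verdict)
```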