Is this a reasonable approach?
Andy Armstrong
andy at hexten.net
Thu Jan 6 10:31:07 UTC 2005
Igmar Palsenberg wrote:
>>Somewhere I've got a homebrew PAM module that will log the username and
>>password of failed login attempts. It was written to find out which
>>username / password combinations were being used for brute force attacks
>>on the sshd demons of some of our local LUG, if it's of any use to
>>anyone I'll happily submit it to the main PAM repository.
>
> It's plain annoying for the bigger part. I've had some dickhead from a
> German colo doing 3000+ guesses on an account that doesn't even allow remote
> logins. Since the colo in question only provides abuse, and doesn't solve
> them, the're a nice iptables -j DROP candidate.
Yes, for the most part their fairly unlikely to be successful. Part of
the motivitation for pam_abl though is the warm feeling you get from
knowing that no matter how many passwords they try they'll /never/ be
successful - I like picturing them banging their head off a wall :)
--
Andy Armstrong
More information about the Pam-list
mailing list