Is this a reasonable approach?
Igmar Palsenberg
maillist at jdimedia.nl
Thu Jan 6 10:11:46 UTC 2005
> Somewhere I've got a homebrew PAM module that will log the username and
> password of failed login attempts. It was written to find out which
> username / password combinations were being used for brute force attacks
> on the sshd demons of some of our local LUG, if it's of any use to
> anyone I'll happily submit it to the main PAM repository.
It's plain annoying for the bigger part. I've had some dickhead from a
German colo doing 3000+ guesses on an account that doesn't even allow remote
logins. Since the colo in question only provides abuse, and doesn't solve
them, the're a nice iptables -j DROP candidate.
Igmar
More information about the Pam-list
mailing list