On Sat, 2005-06-18 at 16:27, Dan Hollis wrote:
> On Sat, 18 Jun 2005, Mike Pepe wrote:
> > Thomas Cameron wrote:
> > > These attacks appear to me to fire multiple concurrent connections to
> > > get around the delay.
> > Possibly. I found a script out there and modified it a bit, this will
> > block the attacker after opening up 3 concurrent connections in 60 seconds:
> I prefer pam_abl myself:
> http://www.hexten.net/sw/pam_abl/index.mhtml
> It automatically blacklists IPs which fail more than X logins in a
> user-specified time. All attempts after that fail, even if the user+pass
> supplied is correct.
Excellent tip Dan, thanks a lot!
--
Tarjei
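
The blacklisting behaviour described in the thread, as an added example that is not part of the original messages and is not pam_abl's own code: a host is blacklisted once it has more than X failed logins inside the configured time, and later attempts fail even with a correct password. The class and function names, the threshold of 3 in 60 seconds, and the sshd-style log lines are assumptions constructed for illustration; blacklist expiry is not modelled.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real logs). "Accepted" here only means the
# supplied password was correct; the model below decides the final outcome.
SAMPLE_LOG = """\
Jun 18 16:00:01 mail sshd[101]: Failed password for root from 192.0.2.10 port 4001 ssh2
Jun 18 16:00:03 mail sshd[102]: Failed password for root from 192.0.2.10 port 4002 ssh2
Jun 18 16:00:05 mail sshd[103]: Failed password for invalid user admin from 192.0.2.10 port 4003 ssh2
Jun 18 16:00:06 mail sshd[104]: Failed password for alice from 198.51.100.7 port 5001 ssh2
Jun 18 16:00:07 mail sshd[105]: Failed password for root from 192.0.2.10 port 4004 ssh2
Jun 18 16:00:20 mail sshd[106]: Accepted password for alice from 198.51.100.7 port 5002 ssh2
Jun 18 16:05:00 mail sshd[107]: Accepted password for root from 192.0.2.10 port 4005 ssh2
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                     r"(Failed|Accepted) password for (?:invalid user )?\S+ from (\S+)")

class HostBlacklist:
    """Blacklist a host once it has more than max_failures inside window."""
    def __init__(self, max_failures=3, window=timedelta(seconds=60)):
        self.max_failures, self.window = max_failures, window
        self.failures = defaultdict(deque)  # host -> recent failure times
        self.blocked = set()                # purge/expiry is not modelled

    def attempt(self, host, when, password_ok):
        """Return True if this login would be let through."""
        if host in self.blocked:
            return False                    # fails even with a correct password
        if password_ok:
            return True
        recent = self.failures[host]
        recent.append(when)
        while when - recent[0] > self.window:
            recent.popleft()                # drop failures outside the window
        if len(recent) > self.max_failures:
            self.blocked.add(host)
        return False

def replay(log, year=2005, **rule):
    """Feed log lines through the blacklist; return (decisions, blocked)."""
    bl, decisions = HostBlacklist(**rule), []
    for m in filter(None, map(LINE_RE.match, log.splitlines())):
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        host, ok = m.group(3), m.group(2) == "Accepted"
        decisions.append((host, ok, bl.attempt(host, when, ok)))
    return decisions, bl.blocked
```

Each decision is a tuple of (host, password was correct, login let through); the last sample line shows a correct password from the blacklisted host still being refused.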