
How to protect against brute force?


8 replies to this topic

#1 Oigen


Posted 22 June 2008 - 05:07 AM

Is it enough to just make the passwords lengthy, with no meaning, with lower and uppercase letters? Or do you have to take more measures?
  • 0

#2 Crop


Posted 22 June 2008 - 05:22 AM

No. If you run a public webserver you should also use login detection software. The software will allow you to specify when to ban someone based on how many times they attempted to log in. For example, if you set it at 5 and I tried (and failed) 5 times to log in as root then the software would ban me.

There are two that I know of: BFD (Brute Force Detection) and LFD (Logon Failure Daemon). Both work well.
  • 0
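
The threshold rule described in the post above (ban a source once it reaches a set number of failed logins), as an added example that is not part of the thread and is not BFD's or LFD's own code. It assumes OpenSSH-style auth-log lines, a 10-minute counting window and the hypothetical function name `find_offenders`; the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH auth-log style (documentation IPs, not real hosts):
# a fast guesser, a slow one (one failure per hour), and a normal successful login.
SAMPLE_LOG = "\n".join(sorted(
    [f"Jun 22 05:00:0{i} web1 sshd[120{i}]: Failed password for root "
     f"from 203.0.113.7 port 4012{i} ssh2" for i in range(1, 7)]
    + [f"Jun 22 0{h}:30:00 web1 sshd[130{h}]: Failed password for invalid user admin "
       f"from 192.0.2.44 port 5100{h} ssh2" for h in range(1, 7)]
    + ["Jun 22 05:01:00 web1 sshd[1400]: Accepted password for alice "
       "from 198.51.100.20 port 52000 ssh2"]
))

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def find_offenders(log_text, max_failures=5, window_minutes=10, year=2008):
    """Return {source_ip: time of the failure that triggered the ban}."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # source IP -> failure times still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        stamp, ip = m.groups()
        if ip in banned:
            continue              # already banned, nothing more to count
        # Syslog timestamps carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        times = recent[ip]
        times.append(when)
        while when - times[0] > window:
            times.popleft()       # forget failures older than the window
        if len(times) >= max_failures:
            banned[ip] = when
    return banned

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold reached at {when})")
```

With the default settings only the fast source is banned; the hourly failures from the second source never accumulate inside a 10-minute window, so the window length and threshold decide what a detector of this kind catches.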

#3 LissaValerian


Posted 22 June 2008 - 08:01 AM

I would also suggest APF here:

R-fx Networks - Internet Security Solutions - Projects » APF

It's one of the tools I use:

From their website:

Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall system designed around the essential needs of today's Internet deployed servers and the unique needs of custom deployed Linux installations. The configuration of APF is designed to be very informative and present the user with an easy to follow process, from top to bottom of the configuration file. The management of APF on a day-to-day basis is conducted from the command line with the 'apf' command, which includes detailed usage information and all the features one would expect from a current and forward thinking firewall solution.
  • 0

#4 Prog


Posted 23 June 2008 - 08:11 AM

I've used APF before, excellent firewall.
  • 0

#5 Oigen


Posted 24 June 2008 - 05:03 AM

Thanks a lot guys. I'll check the APF and the brute force detectors...
  • 0

#6 LissaValerian


Posted 24 June 2008 - 05:29 AM

Thanks a lot guys. I'll check the APF and the brute force detectors...


Good luck! There are how-to's out there that describe a joint APF+BFD install; they work well in combo. It's what I use.

Good luck!

~Lissa Valerian
  • 0

#7 rumen


Posted 24 June 2008 - 08:58 AM

I would also suggest APF here:

R-fx Networks - Internet Security Solutions - Projects » APF

It's one of the tools I use:

From their website:

Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall system designed around the essential needs of today's Internet deployed servers and the unique needs of custom deployed Linux installations. The configuration of APF is designed to be very informative and present the user with an easy to follow process, from top to bottom of the configuration file. The management of APF on a day-to-day basis is conducted from the command line with the 'apf' command, which includes detailed usage information and all the features one would expect from a current and forward thinking firewall solution.


Hey, thank you a lot for this valuable info:) It looks really promising.
  • 0

#8 Oigen


Posted 27 June 2008 - 12:34 PM

I tried and, what would you know, I've broken my fingers, heh. Might wanna call that friend of mine that's good with computers :)
  • 0

#9 LissaValerian


Posted 30 June 2008 - 11:58 AM

I tried and, what would you know, I've broken my fingers, heh. Might wanna call that friend of mine that's good with computers :)


Well, good luck with that! :)
  • 0



