4 Apr
2011
4 Apr
'11
3:07 p.m.
Am 04.04.2011 12:34, schrieb Marian Marinov:
How is it possible for an attacker to try to logon more then 4 times? Can the attacker do this with only one TCP/IP connection without establishing a new one? Or have the scripts been adapted to this?
The attackers are not trying constantly.. Just a few bursts of trys.
Look at denyhosts ( http://denyhosts.sourceforge.net/ ). I also have a tool for protecting from brute force attacks called Hawk ( https://github.com/hackman/Hawk-IDS-IPS ).
Ok, thanks to both of you, it seems the scripts getting better and better. Will change my iptables rule to keep the blacklist for longer.
Thx Rainer