I say this mainly because when we talk about brute force attacks we usually (and understandably) focus on services like SSH, with tools such as fail2ban or DenyHosts, as I reviewed in that entry. But what happens, for example, with FTP, or with services as sensitive as mail?
That's where BFD comes in: one more tool from the creators of APF Firewall (whose work, by the way, is impressive; take a look at the list. I have to try LSM, Linux Socket Monitor).
What is BFD and how does it work?
BFD is a GPL-licensed application written by Ryan MacDonald. Once installed, it runs from cron every 3 minutes by default, scanning the relevant system logs (/var/log/secure, /var/log/auth.log, /var/log/messages; the exact files vary by distro) for traces of brute force attacks, that is, authentication failures, against services such as courier, cpanel, exim, proftpd, pure-ftpd, sshd, etc.

How does it work? Once it detects an attack (by default, the value in its configuration is 15 failed attempts from the same host), it executes a system command to block the host responsible. By default that command is an APF Firewall block, which assumes, erroneously in my opinion, that APF is installed.
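To make the mechanism concrete, here is an added example, written for this page and not BFD's own code, that does the same three things on a handful of constructed log lines: match per-service authentication failures, count them per source address, and build the block command once a host reaches the 15-attempt trigger. The sshd, proftpd and exim line shapes, the "/etc/apf/apf -d HOST" form of the APF deny command, and the iptables fallback are assumptions made here; check them against your own logs and your installed firewall before using anything like this for real.

```python
#!/usr/bin/env python3
"""Minimal BFD-style brute force detector (added example, not BFD's code)."""
import re
import subprocess
from collections import Counter

# One regex per service, each capturing the offending client address as `ip`.
# These line shapes are assumptions about what sshd, proftpd and exim log on a
# failed login; verify them against the real log files before relying on them.
FAILURE_RULES = {
    "sshd": re.compile(r"sshd\[\d+\]: Failed password for .* from (?P<ip>[\d.]+) port \d+"),
    "proftpd": re.compile(r"proftpd\[\d+\]: .*(?:no such user found|Incorrect password) from (?P<ip>[\d.]+)"),
    "exim": re.compile(r"exim\[\d+\]: .*authenticator failed for .*\[(?P<ip>[\d.]+)\]"),
}

DEFAULT_TRIG = 15  # BFD's default trigger count (failures from one host)


def count_failures(lines, rules=FAILURE_RULES):
    """Count authentication failures per source IP across every service rule.
    Successful logins never match a rule, so they are not counted."""
    hits = Counter()
    for line in lines:
        for rx in rules.values():
            m = rx.search(line)
            if m:
                hits[m.group("ip")] += 1
                break
    return hits


def offenders(hits, trig=DEFAULT_TRIG):
    """Hosts that reached the trigger, worst offender first."""
    return [ip for ip, n in hits.most_common() if n >= trig]


def ban_command(ip, backend="apf"):
    """Build the block command for one host.
    'apf' mirrors BFD's default of handing the host to APF (assumed syntax);
    'iptables' is the fallback when APF is not installed on the box."""
    if backend == "apf":
        return ["/etc/apf/apf", "-d", ip]
    if backend == "iptables":
        return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]
    raise ValueError(f"unknown backend {backend!r}")


def plan_bans(lines, trig=DEFAULT_TRIG, backend="apf", execute=False):
    """Return the list of block commands for the offenders in `lines`.
    Only runs them when execute=True (needs root and the chosen firewall)."""
    cmds = [ban_command(ip, backend) for ip in offenders(count_failures(lines), trig)]
    if execute:
        for cmd in cmds:
            subprocess.run(cmd, check=True)
    return cmds


def constructed_sample():
    """Constructed sample log (not captured from a real system):
    16 sshd failures plus one exim and one proftpd failure from 203.0.113.7,
    two sshd failures from 198.51.100.9, and one successful login that must
    not be counted."""
    lines = [
        f"Mar  3 10:01:{i:02d} host sshd[2311]: Failed password for root "
        f"from 203.0.113.7 port {51000 + i} ssh2"
        for i in range(16)
    ]
    lines += [
        "Mar  3 10:01:20 host exim[2500]: plain authenticator failed for (x) "
        "[203.0.113.7]: 535 Incorrect authentication data (set_id=postmaster)",
        "Mar  3 10:01:21 host proftpd[2400]: host (203.0.113.7[203.0.113.7]) - "
        "USER admin: no such user found from 203.0.113.7 [203.0.113.7] to 192.0.2.10:21",
        "Mar  3 10:02:00 host sshd[2313]: Failed password for invalid user oracle "
        "from 198.51.100.9 port 2222 ssh2",
        "Mar  3 10:02:01 host sshd[2313]: Failed password for invalid user oracle "
        "from 198.51.100.9 port 2223 ssh2",
        "Mar  3 10:02:05 host sshd[2314]: Accepted publickey for deploy "
        "from 198.51.100.4 port 40000 ssh2",
    ]
    return lines


if __name__ == "__main__":
    sample = constructed_sample()
    for ip, n in count_failures(sample).most_common():
        print(f"{ip:16s} {n:3d} failures")
    for cmd in plan_bans(sample, backend="iptables"):
        print("would run:", " ".join(cmd))
```

Two things this toy leaves out that BFD has to handle: a real cron-driven scanner must remember how far into each log it read on the previous run, otherwise the same 15 old failures trigger a fresh ban every 3 minutes; and it must read the right files per distro, since sshd goes to /var/log/secure on Red Hat derivatives and to /var/log/auth.log on Debian ones. Swap the backend to "iptables" (or whatever you actually run) if APF is not on the machine, which is exactly the default the post complains about.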
Full content on DaboBlog

