[TriLUG] defense against dictionary attacks?

Jason Tower jason at cerient.net
Fri Jun 25 14:36:01 EDT 2004


> This is a standard rule in OpenBSD (they also have one for DNS type
> attacks too).  I've looked at the OBSD one (written in Perl) and it's
> fairly easy to craft. You could script this by having a program scan
> the info logs every minute using a grep, cut, sort, uniq and then when
> the value exceeds so many in a minute put the associated IP into a
> file that is used by your IPTables to deny access via port 25. When
> it updates the file it will also need to re-init IPTables.
>
> I'll bet you have it done in just under an hour!
>
> Jon

i'll take that bet :-)
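
The scan-count-block loop described in the quoted message, as an added example that is not part of the original thread. It assumes Postfix-style syslog lines (the thread names no MTA); the threshold, the allowlist and all function names are hypothetical, and the log lines are constructed.

```shell
#!/bin/sh
# Added example. Assumes Postfix-style syslog lines (the thread names no MTA).
THRESHOLD=5        # assumed: rejected RCPTs allowed per source IP per minute
ALLOW='127.0.0.1'  # assumed: addresses that must never be blocked, one per line
IP='[0-9]{1,3}(\.[0-9]{1,3}){3}'

# Constructed sample log, not from a real system.
sample_log() {
    for s in 01 02 03 04 05 06; do                     # 6 rejects inside one minute
        printf 'Jun 25 14:30:%s mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 <u%s@example.org>: User unknown\n' "$s" "$s"
    done
    for t in 30:57 30:58 30:59 31:01 31:02 31:03; do   # 6 rejects, only 3 per minute
        printf 'Jun 25 14:%s mx postfix/smtpd[412]: NOQUEUE: reject: RCPT from unknown[198.51.100.20]: 550 <bob@example.org>: User unknown\n' "$t"
    done
    # The recipient is client-controlled text; this one carries a second "[IP]: 550".
    printf '%s\n' 'Jun 25 14:31:09 mx postfix/smtpd[413]: NOQUEUE: reject: RCPT from unknown[192.0.2.50]: 550 <"x[10.0.0.1]: 550 y"@example.org>: User unknown'
}

# Emit "minute ip" per rejected RCPT. The pattern is anchored from the start of
# the line with no leading ".*", so text inside the recipient cannot supply the IP.
parse_rejects() {
    sed -nE "s/^(.{12}):[0-9]{2} [^ ]+ postfix\/smtpd\[[0-9]+\]: NOQUEUE: reject: RCPT from [^ []+\[($IP)\]: 5[0-9]{2} .*/\1 \2/p"
}

# offenders N < log: IPs with more than N rejects in any single minute, minus ALLOW.
offenders() {
    parse_rejects | sort | uniq -c |
    awk -v t="$1" '$1 > t { print $NF }' | sort -u | { grep -vxF -e "$ALLOW" || true; }
}

# Render one port-25 deny rule per IP; rules are printed for review, not executed.
deny_rules() {
    while read -r ip; do
        printf 'iptables -I INPUT -s %s -p tcp --dport 25 -j DROP\n' "$ip"
    done
}

sample_log | offenders "$THRESHOLD" | deny_rules
```

Run from cron against the last minute of the real log, the output can be written to the file the firewall script loads; entries need an expiry so that dynamic addresses are not blocked indefinitely.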


