I have noticed recently there have been a lot more brute-force style attacks happening to my clients servers, SSH and FTP attempts mainly. I would like to be able to go a little further with reducing their impact on functionality. The reason I started to think abou this more has been that mainly I have noticed that while a brute force attack is being attempted, authentication services can slow to a crawl. Now with it ramping up like it has been in recent months I’d like to be more proactive.
I see 10.6 server will start to block attempts that come in too fast, the logs at least say so. Oddly enough, they seem to still be able to make connection attempts.
Doing some quick and dirty research via google and some advice from colleagues, I found Snort. I would like to know if anyone has experience with it on OS X specifically and, ideally, 10.6 server.
.
.
Comments are closed