[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ossec-list] Re: Dont block force brute atack in ftp server
- To: ossec-list@xxxxxxxxxxxxxxxx
- Subject: [ossec-list] Re: Dont block force brute atack in ftp server
- From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
- Date: Sat, 21 Jul 2007 21:08:27 -0300
- Cc: "José Colzani" <linoxman@xxxxxxxxxxxx>
- Content-transfer-encoding: quoted-printable
- Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=qeX2E8kISGTabK/rrQDNwYqMSoPBrVQCcBUx/wNBJxAtLBNqFxs8uD/hgbsjvCitQZpAE2SmsCaG4kxM+LBsooal3ddSvtDmICxkG+rG54VtdyI5f4LD5t4gEiGenUXArSRRIFqg+T3GwjQeuHBmQyAALI1+KJSrrQlTmEXNybY=
Hi Jose,
Can you show us a few samples of your proftpd logs? Also, look at the
ossec alerts log
and the active responses log to make sure that it really didn't block
the attack. By
default it will unblock the ip after 10 minutes...
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On 7/17/07, José Colzani <linoxman@xxxxxxxxxxxx> wrote:
>
> Hi people, first sorry by my english, i,m brazilian, and speack portuguese.
>
> I have used ossec in all my servers, and today my ftp server was have a brute force atack, and the ossec dont log this atack. Why ?
>
> In my ossec.conf i have the lines include for the proftpd.log and the location tag, appoint for the correct log file /var/log/proftpd.log
>
> Thank You for all.
>
>
>
> José Carlos Colzani - Brusque SC
> E-mail - linoxman em yahoo.com.br linoxman em gmail.com.br
> GNU/Linux - 2.6.20.16 / Kubuntu 7.04
> User linux #241077
>
>
>
>
>
> ____________________________________________________________________________________
> Novo Yahoo! Cadê? - Experimente uma nova busca.
> http://yahoo.com.br/oqueeuganhocomisso
>
OSSEC home |
Main Index |
Thread Index
OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.