pam_abl

pam_abl is a PAM module designed to automatically block hosts that are attempting a brute-force attack. Brute-force attacks are an unsophisticated way to find authentication credentials: a computer is set up to try many user name and password combinations until one works. It may sound far-fetched, but it does work. Many system accounts have common user names, and in many situations passwords are easily guessable.

pam_abl can protect any service that uses PAM for authentication. It works on the assumption that an attacker won't get the password right without a lot of trying. It watches for attacks by counting how many times a given user or host tries unsuccessfully to log in to the service. When a set number of failed logins occurs, the host or user name is recorded. From that point on, that user or host cannot log in successfully. The attacker can keep trying as much as he wants, but will never find a way to log in with his current method.

The package also contains a command line tool for managing the database of people (or hosts) who have been blocked. This makes it fairly easy for a system administrator to manage the system.
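
The counting and blocking described above, together with an administrator clearing an entry, can be modelled in a few lines. This is an added illustration, not pam_abl's own code: the class and method names, the threshold of 3 failures, the one-hour counting window and the sample events are all assumptions made for the example.

```python
from collections import defaultdict, deque

class FailureTracker:
    """Toy model of the counting described above (not pam_abl's code)."""

    def __init__(self, max_failures=3, window=3600):
        self.max_failures = max_failures    # assumed threshold
        self.window = window                # assumed counting window, in seconds
        self.failures = defaultdict(deque)  # ("host"|"user", name) -> failure times
        self.blocked = set()                # recorded hosts and user names

    def attempt(self, now, host, user, password_ok):
        keys = [("host", host), ("user", user)]
        if any(k in self.blocked for k in keys):
            return "blocked"                # a correct password no longer helps
        if password_ok:
            return "accepted"
        for k in keys:
            times = self.failures[k]
            times.append(now)
            while now - times[0] > self.window:
                times.popleft()             # forget failures outside the window
            if len(times) >= self.max_failures:
                self.blocked.add(k)
        return "rejected"

    def unblock(self, kind, name):
        """Stand-in for the administrator clearing an entry from the database."""
        self.blocked.discard((kind, name))
        self.failures.pop((kind, name), None)

# Constructed sample events: (time, host, user, password_ok)
EVENTS = [
    (0,  "203.0.113.7",   "alice", False),
    (10, "203.0.113.7",   "alice", False),
    (20, "203.0.113.7",   "alice", False),  # third failure: host and user recorded
    (30, "203.0.113.7",   "alice", True),   # right password, but already blocked
    (40, "198.51.100.20", "alice", True),   # real owner, clean host, blocked user name
    (50, "198.51.100.20", "bob",   True),   # unrelated user is unaffected
]

def demo():
    tracker = FailureTracker()
    outcomes = [tracker.attempt(*event) for event in EVENTS]
    tracker.unblock("user", "alice")        # administrator clears the user entry
    outcomes.append(tracker.attempt(60, "198.51.100.20", "alice", True))
    return outcomes

if __name__ == "__main__":
    print(demo())
```

The fifth event shows the trade-off of recording user names as well as hosts: failed guesses against an account also lock out its legitimate owner until the entry is cleared.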