Block Script Kiddies with Dictdefence
DictDefence is a program written in Python to stop dictionary attacks of all sorts. It is based on the idea behind the Script Kiddie Defence Script, but is a much larger, more extensible project. The basic idea behind DictDefence is the automated blocking of script kiddies who run dictionary-based attacks against your servers. For all you systems administrators out there, I’m sure you have all seen the long runs of lines in your logs where some IP tries to log in with a ton of different usernames. That is where DictDefence steps in. It monitors log files or, even better, a FIFO, and records invalid accesses matched by Perl Compatible Regular Expressions (PCREs). Once an IP goes over your defined threshold, that IP is banned using one of (currently) three different means, instantly stopping the dictionary attack. It is designed to work on *nix systems only.
Backends
MySQL – The ubiquitous database. Widespread availability and about a zillion tools for using it.
SQLite – Small, simple, portable and easy to use. This is the default database to be used with DictDefence.
Blocking Methods
Null Routing – Simple and available everywhere. DictDefence simply routes the bad IP to 127.0.0.1.
PF – The Berkeley Packet Filter. Originally for OpenBSD, but is now available on most of the BSD distros. My personal weapon of choice.
IPTables – If you are running a Linux distribution, chances are you have this running and ready to go.
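To make the match-count-ban loop described above concrete, here is an added Python example that is not DictDefence's own code: it runs PCRE-style patterns over constructed sshd log lines, tallies failures per source address, and builds the ban command for each of the three blocking methods. The exact commands DictDefence issues, the pf table name `dictdefence`, the `gw 127.0.0.1` form of the null route, the allowlist and the sample log lines are all assumptions made for this example.

```python
import ipaddress
import re
import subprocess
from collections import defaultdict
from typing import Dict, List

# Constructed sample lines in OpenSSH auth.log format (not real traffic).
SAMPLE_LOG = """\
Mar  3 10:15:01 host sshd[2211]: Invalid user admin from 203.0.113.7
Mar  3 10:15:03 host sshd[2213]: Invalid user oracle from 203.0.113.7
Mar  3 10:15:04 host sshd[2215]: Failed password for invalid user oracle from 203.0.113.7 port 5022 ssh2
Mar  3 10:15:06 host sshd[2217]: Invalid user test from 203.0.113.7
Mar  3 10:15:07 host sshd[2219]: Accepted publickey for alice from 198.51.100.20 port 40122 ssh2
Mar  3 10:15:09 host sshd[2221]: Invalid user guest from 198.51.100.44
"""

IPV4 = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"

# Patterns written in the PCRE subset that Python's re module also accepts.
# Each one must capture the offending address in a group named "ip".
PATTERNS = [
    re.compile(r"sshd\[\d+\]: Invalid user \S+ from " + IPV4),
    re.compile(r"sshd\[\d+\]: Failed password for .+ from " + IPV4),
]

THRESHOLD = 3  # failures per source before it is banned

# Addresses that must never be banned, e.g. the admin's own management network;
# a blocker without such a list can lock its operator out. (constructed value)
ALLOWLIST = [ipaddress.ip_network("198.51.100.0/24")]


def count_failures(lines: List[str], patterns=PATTERNS) -> Dict[str, int]:
    """Count log lines matching any pattern, keyed by the captured source IP."""
    counts: Dict[str, int] = defaultdict(int)
    for line in lines:
        for pat in patterns:
            m = pat.search(line)
            if m:
                counts[m.group("ip")] += 1
                break  # one failure per line, even if several patterns match
    return dict(counts)


def offenders(counts: Dict[str, int], threshold: int = THRESHOLD) -> List[str]:
    """Sources at or over the threshold that are not allowlisted, sorted."""
    result = []
    for ip, n in counts.items():
        addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed capture
        if n >= threshold and not any(addr in net for net in ALLOWLIST):
            result.append(ip)
    return sorted(result)


def block_command(ip: str, method: str) -> List[str]:
    """argv for one ban; the exact commands DictDefence runs are an assumption here."""
    ipaddress.ip_address(ip)  # validate before the value reaches a command line
    if method == "nullroute":
        return ["route", "add", "-host", ip, "gw", "127.0.0.1"]
    if method == "pf":
        return ["pfctl", "-t", "dictdefence", "-T", "add", ip]  # table name assumed
    if method == "iptables":
        return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]
    raise ValueError(f"unknown blocking method: {method}")


def ban(ip: str, method: str, dry_run: bool = True) -> List[str]:
    """Build and (unless dry_run) run the ban without a shell, so the IP stays one argv element."""
    argv = block_command(ip, method)
    if not dry_run:
        subprocess.run(argv, check=True)
    return argv


if __name__ == "__main__":
    counts = count_failures(SAMPLE_LOG.splitlines())
    for ip in offenders(counts):
        print(ip, counts[ip], "failures ->", " ".join(ban(ip, "iptables")))
```

Two design points carry over to any blocker of this kind: the captured address is validated with `ipaddress` and passed as a separate argv element rather than interpolated into a shell string, so a log line crafted to contain shell metacharacters cannot turn the ban into something else; and the allowlist is checked before the threshold so the tool can never ban the network its operator administers from.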
Readers
You can read from as many files simultaneously as you would like. Preferably, attach to a FIFO (named pipe) and let DictDefence hum away forever. It can also read regular log files and will attach to the new file after log rotation (similar to tail -F).
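The rotation-following behaviour mentioned above is the part of a log reader that is easy to get wrong, so here is an added Python example of it (not DictDefence's own reader). It re-attaches when the path starts naming a different inode (rename-style rotation) or when the file shrinks (copytruncate-style rotation), and it only hands back complete lines so a half-written line is never matched against a pattern. The `LogFollower` class, its `poll()` interface and the temporary log used in `simulate_rotation()` are constructions for this example; a FIFO needs none of this, since a blocking read on a named pipe simply delivers each line as it is written.

```python
import os
import tempfile
from typing import List, Optional


class LogFollower:
    """Read whole lines appended to a log file, re-attaching when the path points at a
    new inode (rotation) or the file shrinks (truncation), in the spirit of `tail -F`.
    Each poll() returns the lines that arrived since the previous poll()."""

    def __init__(self, path: str, seek_end: bool = False) -> None:
        self.path = path
        self.fh = None
        self.inode: Optional[int] = None
        self.buf = b""
        self.seek_end = seek_end  # skip existing history on the first open only

    def _open(self) -> bool:
        try:
            fh = open(self.path, "rb")
        except FileNotFoundError:
            return False
        self.fh = fh
        self.inode = os.fstat(fh.fileno()).st_ino
        if self.seek_end:
            fh.seek(0, os.SEEK_END)
            self.seek_end = False  # a rotated-in file is always read from its start
        return True

    def _reopen_needed(self) -> bool:
        try:
            st = os.stat(self.path)
        except FileNotFoundError:
            return False  # renamed away; keep draining the old file until a new one appears
        if st.st_ino != self.inode:
            return True  # rotated: the path now names a different file
        return os.fstat(self.fh.fileno()).st_size < self.fh.tell()  # truncated in place

    def _drain(self) -> List[str]:
        """Read everything new, return the complete lines, keep any partial tail buffered."""
        self.buf += self.fh.read()
        *lines, self.buf = self.buf.split(b"\n")
        return [line.decode("utf-8", "replace") for line in lines]

    def poll(self) -> List[str]:
        if self.fh is None and not self._open():
            return []
        lines = self._drain()
        if self._reopen_needed():
            self.fh.close()
            self.fh = None
            self.buf = b""  # an unterminated line in the old file will never complete
            if self._open():
                lines += self._drain()
        return lines


def simulate_rotation() -> List[List[str]]:
    """Exercise the follower on a constructed log: append, rename-rotate, then truncate."""
    path = os.path.join(tempfile.mkdtemp(), "auth.log")
    results = []
    with open(path, "w") as f:
        f.write("line1\nline2\npart")
    follower = LogFollower(path)
    results.append(follower.poll())  # complete lines only; "part" stays buffered
    with open(path, "a") as f:
        f.write("ial3\n")
    results.append(follower.poll())  # the buffered fragment, now a whole line
    os.rename(path, path + ".1")     # logrotate-style rename
    results.append(follower.poll())  # nothing new; old file still attached
    with open(path, "w") as f:
        f.write("new1\n")
    results.append(follower.poll())  # new inode detected, read from its start
    with open(path, "w") as f:
        f.write("t1\n")              # copytruncate-style: same inode, file shrank
    results.append(follower.poll())
    return results


if __name__ == "__main__":
    for step, lines in enumerate(simulate_rotation(), 1):
        print(f"poll {step}: {lines}")
```

In a long-running reader `poll()` would be called from a loop with a short sleep, or once per file from a select/poll cycle when several files are followed at the same time, as the paragraph above describes.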
Read more about this program and download it here: http://stuffivelearned.org/doku.php?id=programming:python:dictdefence