is basically a firewall with agents connected to four different layers of the network stack
- at the TCP/IP layer, rejecting malformed/malicious TCP/IP packets
- at the HTTP layer, rejecting malformed/malicious HTTP requests
- at the Application layer, rejecting malicious signs, too many password failures, seeking for exploits, etc
- at the Contest layer, rejecting text containing offensive words
Each agent is a "fail-to-ban" callback that reports the offending IPs to the firewall adding them to the block-list.
Each time you failed a password attempt, the agent like agent-ftpd or agento-sshd generates a event, which is monitored by Giano, it reads those events to find out who is offending and for what, and then react appropriately.
Giano usually reacts by IP-banning. The most people uses dynamic IP, so a permanent ban can block legit users if the ISP rotated the address of a bot to a legit user. This might be a problem. Anyway, generally, this has demonstrated being able to reduce the rate of attacks, to block spambots, as well as able to reduce incorrect authentications attempts.
However, it cannot eliminate the risk that weak authentication presents.
Mystères of the invisible, Loa are intermediaries between Bondye the Supreme Creator, who is distant from the world—and humanity.