David Snyder wrote:
> I've recently started doing the SYNC-thing with denyhosts. I'm very
> impressed and pleased with this sort of collective protection. However,
> after hacking the denyhosts client in order to receive email notifications of
> SYNC additions to the hosts.deny file, I've started becoming concerned about
> the size of the hosts.deny file. Now, call me paranoid, but I haven't
> enabled the PURGE option. To my mind, if someone's trying to break in, they
> should be forever banned.
[snip]

Wrong! Most scans or break-in attempts come from dynamic IPs, so the same guy that tried once is not really banned forever; he'll try with a different IP, sometimes just minutes later. Also, spoofing IPs is very easy, so that is another reason why you shouldn't take a banned address with absolute certainty as an IP that "belongs to a bad guy". Not purging old banned addresses is just a bad idea.

--
René Berber

_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
