Whit Blauvelt wrote:
> Look how close all those tries were. DenyHosts caught it after 8 seconds. If
> they're coming in that fast, it can take long enough to block it that a few
> come in past your threshold.
>
> If it's a real concern, you may have an option to limit the speed of new
> connections from a single remote IP at your firewall (there are a couple of
> ways to do that with netfilter/iptables). You could slow the attempts down
> to a speed where catching them right at your DenyHosts threshold would be a
> sure thing.

That's right, another option is to speed up DenyHosts' scan:

    DAEMON_SLEEP = 15s

It probably can be lowered to 10s w/o causing much increase in processing use.

Another place to do what Whit suggests is in OpenSSH's sshd_config:

    MaxAuthTries 4
    MaxStartups 1:3:6

These are just ideas, the parameters have to be tuned to the situation (heavy use server vs single user workstation).
--
René Berber
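
The timing point made in this thread, as an added example that is not part of the original messages or of DenyHosts itself: a simplified model of how many failed logins reach sshd before a periodic log scan blocks the host, with and without a per-IP new-connection limit at the firewall. The function name, the rule that a scan blocks once failures reach the threshold, and all sample values are assumptions made for the illustration.

```python
# Added illustration: simplified timing model, not DenyHosts code.
# Parameter names and sample values are constructed for this example.

def attempts_before_block(attempt_gap, daemon_sleep, threshold,
                          limit_hits=None, limit_window=None, horizon=600.0):
    """Return (failures_logged, block_time) for one remote IP.

    attempt_gap   seconds between the remote host's connection attempts
    daemon_sleep  seconds between log scans (the DAEMON_SLEEP setting)
    threshold     failure count at which a scan blocks the host (assumed >=)
    limit_hits / limit_window
                  optional firewall limit: at most limit_hits accepted
                  connections per limit_window seconds from the IP
    """
    accepted = []              # times of attempts that reached sshd
    next_scan = daemon_sleep
    t = 0.0
    while t <= horizon:
        # Run every scan that is due before this attempt arrives.
        while next_scan <= t:
            if len(accepted) >= threshold:
                return len(accepted), next_scan
            next_scan += daemon_sleep
        # Firewall: drop the attempt if the sliding window is already full.
        if limit_hits is not None:
            recent = [a for a in accepted if t - a < limit_window]
            if len(recent) >= limit_hits:
                t += attempt_gap
                continue
        accepted.append(t)     # attempt fails at sshd and is logged
        t += attempt_gap
    return len(accepted), None  # not blocked within the horizon


if __name__ == "__main__":
    cases = [
        ("scan every 15s, no limit", dict(daemon_sleep=15)),
        ("scan every 10s, no limit", dict(daemon_sleep=10)),
        ("15s scan, 3 conns per 60s", dict(daemon_sleep=15, limit_hits=3, limit_window=60)),
        ("15s scan, 1 conn per 10s", dict(daemon_sleep=15, limit_hits=1, limit_window=10)),
    ]
    for label, kw in cases:
        logged, when = attempts_before_block(attempt_gap=1, threshold=5, **kw)
        print(f"{label:28s} failures logged={logged:3d} blocked at t={when}s")
```

In this model a shorter scan interval only reduces the overshoot, while a connection limit slower than the scan interval lets the block land exactly at the threshold; a bursty limit (3 per 60s here) still lets one extra attempt through when the window rolls over.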
