Hi folks,
After realising that my home system was subject to frequent attacks - I
installed denyhosts at the end of last year. This has immediately started
blocking IPs and gives me a great feeling of security. I have run it with
syncing enabled & I can see that I contribute a handful of addresses to the
server & receive hundreds back to be blocked in return.
I connect to my home system either from the road, or from my office.
Recently my office IP was blocked by an update from the sync server. I am
confident that I have not blocked it myself by "fat finger typing" (ie I
have checked /var/log/denyhosts).
This suggests to me that somebody else somewhere in the world has been
subject to an ssh attack from my office. Is that fair or might there be an
element of IP spoofing involved?
What happens once an IP address gets to the sync server?
Does it ever expire?
Is there any mechanism to trace what has happened (so I can pass this to our
IT people for investigation)?
Is there a mechanism to remove our IP address from the sync server?
Thanks in advance
Keefe
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
