Hi Phil, everyone, I thought I'd mention an idea which occurred to me last night while lying in bed, pondering what can be done about the current round of distributed SSH attacks...
Have you ever thought about making the shared "Denied Hosts database" available via a DNS-based system? (http://en.wikipedia.org/wiki/DNSBL) This would enable direct querying of the database for a specific host in an efficient manner. For example, the combination of the 'aclexec' option in /etc/hosts.allow (see hosts_options(5)) with a simple script could be used to black-list all hosts in the database.

This would make the "download" part of the DenyHosts synchronization code unnecessary, and make the DenyHosts-generated hosts.deny smaller (enabling longer settings for PURGE_DENY).

This would also allow use of the "Denied Host database" without having DenyHosts installed. (This could be considered a good thing or a bad thing, I suppose. As a user, I consider it a good thing...)

Anyhow, it's an idea. Keep up the good fight!

Jeff Dairiki

_______________________________________________
Denyhosts-user mailing list
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
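The lookup the post sketches, as an added example that is not part of the original message and not DenyHosts project code: a small script that turns a client IPv4 address into the reversed-octet DNSBL query name, resolves it, and returns an exit status suitable for an 'aclexec' hook. The zone name `denied.example.invalid`, the `dnsbl-check` script name, the hosts.allow line in the comments, and the sample listing are all assumptions or constructed data; no DenyHosts DNSBL exists. The script follows the usual DNSBL convention that an answer in 127.0.0.0/8 means "listed" and NXDOMAIN means "not listed", and it fails open on a resolver outage so that a DNS problem cannot lock every client out of SSH.

```python
#!/usr/bin/env python3
"""DNSBL-style lookup of a client address for use from a hosts.allow
'aclexec' hook.  Added example, not DenyHosts project code; the zone
'denied.example.invalid' is a placeholder and no such DNSBL exists."""
import ipaddress
import socket
import sys

DNSBL_ZONE = "denied.example.invalid"               # placeholder zone (assumption)
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" convention


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Build the DNSBL query name: the IPv4 octets in reverse order under
    the zone, e.g. 192.0.2.10 -> 10.2.0.192.<zone>.  Raises ValueError for
    anything that is not a well-formed IPv4 address."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("only IPv4 addresses are handled here")
    octets = str(addr).split(".")  # normalised form, no leading zeros
    return ".".join(reversed(octets)) + "." + zone


def is_listed(ip, zone=DNSBL_ZONE, resolve=socket.gethostbyname):
    """True if the DNSBL answers the query with a 127.0.0.0/8 address.
    NXDOMAIN (EAI_NONAME) means "not listed"; any other resolver failure
    propagates so the caller can decide whether to fail open or closed."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return False
        raise
    return ipaddress.ip_address(answer) in LISTED_RANGE


def access_decision(ip, zone=DNSBL_ZONE, resolve=socket.gethostbyname):
    """Exit status for aclexec: 0 = allow, 1 = deny.
    - listed in the DNSBL -> deny
    - malformed address   -> deny (aclexec should never hand us garbage)
    - resolver outage     -> allow (fail open: a DNS problem must not lock
                             every client out of SSH), logged to stderr
    """
    try:
        return 1 if is_listed(ip, zone, resolve) else 0
    except ValueError:
        return 1
    except socket.gaierror as exc:
        print(f"dnsbl-check: lookup failed for {ip}: {exc}", file=sys.stderr)
        return 0


# --- constructed sample data so the example runs offline ----------------
SAMPLE_LISTING = {  # constructed, not real data
    dnsbl_query_name("192.0.2.10"): "127.0.0.2",
    dnsbl_query_name("203.0.113.77"): "127.0.0.2",
}


def sample_resolver(name):
    """Stand-in for socket.gethostbyname backed by SAMPLE_LISTING."""
    if name in SAMPLE_LISTING:
        return SAMPLE_LISTING[name]
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")


def failing_resolver(name):
    """Stand-in for a resolver that times out (the DNSBL is unreachable)."""
    raise socket.gaierror(socket.EAI_AGAIN, "Temporary failure in name resolution")


if __name__ == "__main__":
    # Real use from /etc/hosts.allow (assumed syntax, see hosts_options(5)):
    #   sshd: ALL: aclexec /usr/local/sbin/dnsbl-check %a
    # %a expands to the client address; our exit status decides access.
    if len(sys.argv) == 2:
        sys.exit(access_decision(sys.argv[1]))
    # No argument: demonstrate with the constructed data instead.
    for client in ("192.0.2.10", "198.51.100.7", "not-an-address"):
        verdict = "deny" if access_decision(client, resolve=sample_resolver) else "allow"
        print(client, "->", verdict)
    outage = "deny" if access_decision("192.0.2.10", resolve=failing_resolver) else "allow"
    print("resolver outage ->", outage)
```

Installed as `/usr/local/sbin/dnsbl-check` and referenced from the hosts.allow line shown in the comments, the script is run once per incoming connection, so each SSH attempt costs one DNS query rather than a scan of a large hosts.deny; the fail-open choice on EAI_AGAIN is deliberate and is the trade-off to review before deploying such a hook.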
