Michael Weber wrote:
> I like how you think.
>
> However, some of us have more stringent policies than others.
> Either by law or by policy.
>
> Could we use the DNS return address as a code for what the host's
> history has been? For example, if the host has been blacklisted by
> 17 hosts, return an address of 127.0.0.17. If the host has been
> flagged for the last 3 months by 200 hosts, return 127.0.3.200. If
> the attacks were against root users, add a 1 to the second octet.
> If the attacks were against known users, add a 2. If the attacks
> were against unknown users, add a 4.
>
> I'm just throwing out a concept here, not a well-thought-out plan
> for a return variable.
>
> If we could get that to work, we could all have our own rule sets as
> to what to allow or deny.
>
> Anyone else have other ideas?

The DNSBL concept is already used by spam and virus filters like SpamAssassin and ClamAV. You could have separate DNSBLs for different classes of 'evil-doers' if you liked. For instance, Spamhaus has separate lists for dial-up addresses, known spammers, etc. You can decide for yourself which DNSBLs to use and how to use them (decide your own block time, etc.). I guess something like that might also work for DenyHosts.

Nils Breunese.

_______________________________________________
Denyhosts-user mailing list
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
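
The return-code idea from the quoted message, worked through as an added example (not part of either post and not DenyHosts code): a decoder for the proposed answer plus a per-site policy check. The octet layout is one reading of the proposal (second octet = target flags, third = months flagged, fourth = reporting hosts); the zone name `dnsbl.example` and all function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# Flag values for the second octet, as proposed in the quoted message.
ROOT, KNOWN_USER, UNKNOWN_USER = 1, 2, 4

@dataclass(frozen=True)
class History:
    months: int     # third octet: months the host has been flagged
    reporters: int  # fourth octet: reporting hosts (one octet, so it tops out at 255)
    targets: int    # second octet: bitmask of ROOT / KNOWN_USER / UNKNOWN_USER

def query_name(ip: str, zone: str) -> str:
    """Usual DNSBL lookup name: reversed IPv4 octets followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def decode(answer: str) -> History:
    """Decode a 127.x.y.z answer under the encoding assumed above."""
    first, flags, months, reporters = ipaddress.IPv4Address(answer).packed
    if first != 127:
        raise ValueError(f"not a DNSBL return code: {answer}")
    if flags & ~(ROOT | KNOWN_USER | UNKNOWN_USER):
        raise ValueError(f"unknown flag bits in second octet: {flags}")
    return History(months, reporters, flags)

def should_deny(h: History, min_reporters: int, min_months: int = 0,
                targets: int = 0) -> bool:
    """Local rule set: every site chooses its own thresholds.

    targets=0 means "any target"; otherwise at least one listed class must match.
    """
    if h.reporters < min_reporters or h.months < min_months:
        return False
    return targets == 0 or bool(h.targets & targets)

if __name__ == "__main__":
    # Constructed answers: the two from the message, plus one with flags set.
    print(query_name("192.0.2.10", "dnsbl.example"))
    for answer in ("127.0.0.17", "127.0.3.200", "127.5.3.200"):
        h = decode(answer)
        print(answer, h, "strict:", should_deny(h, 10),
              "lenient:", should_deny(h, 100, min_months=1, targets=ROOT))
```

Because the flags are powers of two, a single octet can carry any combination of target classes, which is what lets one list serve sites with different thresholds.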
