On Sun, Mar 2, 2014 at 3:05 PM, Jon Elson <el...@pico-systems.com> wrote:
> > The most successful thing I found was denyhosts. It used to be > an outside package you had to compile, now it is a standard > package you can install. It checks the logs for login failures > by source IP address, and after a settable number of failures > from one IP, it puts that IP on the hosts.deny list. To the > outside, > it is as if your machine just went offline. It was VERRRY > instructive > to see what the botnets did with this. They intelligently > probed > from different machines to see what the timeout horizon of > the blocking was. When they found out it was over 2 weeks, > the botnets just quit trying! So, they keep a list of > "tough" sites > somewhere, and I got myself onto that. I went from 1000+ > attempts a day down to 3, in 2 weeks. (By the way, my > horizon is set to 6 MONTHS! If they are hackers, they can just > leave me alone forever.) > > Jon > Jon, You're describing TCP Wrappers to a tee. Use hosts.deny and put ALL : ALL in it, then use hosts.allow and allow only the machines you want and what services you want those machines to have access to. Of course, this does require the service be wrapped. Mark ------------------------------------------------------------------------------ Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce. With Perforce, you get hassle-free workflows. Merge that actually works. Faster operations. Version large binaries. Built-in WAN optimization and the freedom to use Git, Perforce or both. Make the move to Perforce. http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk _______________________________________________ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
