Joshua Penix wrote:
On Aug 23, 2008, at 5:40 PM, Andrew Lentvorski wrote:

Now, if I could only find a way to block any host that attempts a try and fails.

Install DenyHosts and set its tolerance to one. The instant a failure shows up in the log, it will stuff the offending IP into hosts.deny (or insert a firewall rule if you choose).

I'm not a big fan of DenyHosts because I'm not sure the whole idea was thought out that well. It works okay under small load (at which point I probably don't need it), but I wonder how it would fare under real attack.

If someone is really trying to break my machine, logging the attempts to a file basically lets them denial-of-service me. Furthermore, you can elude DenyHosts by making a burst of attempts before DenyHosts makes its periodic run. Or, if DenyHosts runs on every attempt, then it's an even bigger DoS generator.

-a


--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
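
The gap discussed in this thread, between a failure being logged and a periodic log scanner acting on it, can be measured from a host's own auth log. The following is an added example, not part of the original message and not DenyHosts code: the log lines are constructed, and the scanner model (`scan_interval`, `threshold`, wake-ups counted from the first failure) is an assumption made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation IP ranges, not real hosts).
SAMPLE_LOG = """\
Aug 23 17:40:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Aug 23 17:40:02 host sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Aug 23 17:40:03 host sshd[1003]: Failed password for root from 203.0.113.5 port 40003 ssh2
Aug 23 17:40:10 host sshd[1004]: Accepted publickey for josh from 198.51.100.7 port 50000 ssh2
Aug 23 17:40:31 host sshd[1005]: Failed password for root from 203.0.113.5 port 40004 ssh2
Aug 23 17:40:45 host sshd[1006]: Failed password for bob from 192.0.2.9 port 41000 ssh2
Aug 23 17:41:20 host sshd[1007]: Failed password for bob from 192.0.2.9 port 41001 ssh2
"""

FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def parse_failures(log, year=2008):
    """Return sorted (timestamp, ip) pairs for every failed-password line."""
    events = []
    for line in log.splitlines():
        m = FAILED.match(line)
        if m:  # syslog lines carry no year, so one is supplied
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2)))
    return sorted(events)

def attempts_before_block(log, scan_interval, threshold=1):
    """Count failures per IP that are logged before a periodic scan blocks it.

    Assumed model: the scanner wakes every scan_interval seconds, counted from
    the first failure in the log, and blocks each IP at or over the threshold.
    """
    events = parse_failures(log)
    landed, blocked_at = {}, {}
    for ts, ip in events:
        if ip in blocked_at and ts >= blocked_at[ip]:
            continue  # the block is already in place; attempt never reaches sshd
        landed[ip] = landed.get(ip, 0) + 1
        if landed[ip] >= threshold and ip not in blocked_at:
            elapsed = int((ts - events[0][0]).total_seconds())
            # first scanner wake-up strictly after this log line
            next_scan = (elapsed // scan_interval + 1) * scan_interval
            blocked_at[ip] = events[0][0] + timedelta(seconds=next_scan)
    return landed

if __name__ == "__main__":
    for interval in (1, 30):
        print(interval, attempts_before_block(SAMPLE_LOG, interval))
```

Running the same function over a real auth log with the scanner's actual interval shows how many attempts a tolerance of one still lets through per source address.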
