> I've used sshblack for many months, before I joined the pool. It too
> I find easy to set up and very stable. [...]

> However, someone caught in my web goes into the penalty box for 15
> days firewall dropping ALL packets (not just ssh connect requests)
> from that IP. No more ntp for them...

I've got something similar. Various offenses, most notably trying to
speak NetBIOS to me, will usually get an IP blocked. The block lasts
for only some 24 hours, but sending me *anything* while it is up will
reset the timer.

The relevance here is that whenever I look at the logs I see addresses
which, on checking, are there because of NetBIOS but which keep
resetting their timers thanks to UDP to port 123 to my pool host.

I conjecture that they're Windows boxen which are well-managed enough
to use the pool but ill-managed enough to send NetBIOS to hosts they
have no particular reason to think speak NetBIOS - rather schizoid, but
it happens enough that there's clearly something of the sort that's not
too rare. Perhaps they're just well-meaning admins with cracked boxen.

I just checked. There are 16 addresses in that state right now (a
presumably representative sample).

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               [EMAIL PROTECTED]
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
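
An added example, not part of the original message and not the poster's own code: a small Python model of the block described above, where any packet from a blocked address resets the 24-hour timer, plus the check for addresses blocked for NetBIOS but kept blocked by NTP on UDP port 123. The NetBIOS port list, the class and function names, and the traffic (documentation addresses) are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

BLOCK_SECONDS = 24 * 3600                      # "some 24 hours", from the message
# Assumed offense list: the usual NetBIOS ports (the message names no ports).
OFFENSES = {("udp", 137): "netbios", ("udp", 138): "netbios", ("tcp", 139): "netbios"}

@dataclass
class Block:
    reason: str                                 # offense that opened the block
    expires: int                                # lapses here if the host stays quiet
    resets: dict = field(default_factory=dict)  # (proto, port) -> timer resets

class PenaltyBox:
    def __init__(self, offenses=OFFENSES, lifetime=BLOCK_SECONDS):
        self.offenses, self.lifetime, self.blocks = offenses, lifetime, {}

    def packet(self, ts, src, proto, port):
        """Process one packet; return True if it is dropped."""
        blk = self.blocks.get(src)
        if blk and ts >= blk.expires:           # host stayed quiet long enough
            del self.blocks[src]
            blk = None
        if blk:                                 # anything at all resets the timer
            blk.expires = ts + self.lifetime
            blk.resets[(proto, port)] = blk.resets.get((proto, port), 0) + 1
            return True
        if (proto, port) in self.offenses:      # new offense: open a block
            self.blocks[src] = Block(self.offenses[(proto, port)], ts + self.lifetime)
            return True
        return False

    def kept_alive_by(self, now, proto, port):
        """Sources still blocked at `now` whose timer was reset by proto/port."""
        return sorted(s for s, b in self.blocks.items()
                      if now < b.expires and b.resets.get((proto, port)))

def demo():
    """Constructed traffic: (seconds, source, proto, port)."""
    hour = 3600
    pkts = [(0, "192.0.2.10", "udp", 137), (0, "192.0.2.20", "udp", 137)]
    pkts += [(h * hour, "192.0.2.10", "udp", 123) for h in range(6, 73, 6)]  # NTP every 6 h
    pkts += [(25 * hour, "192.0.2.20", "udp", 123)]   # quiet for 25 h, then NTP
    pkts += [(1 * hour, "198.51.100.5", "udp", 123)]  # NTP-only client, never blocked
    box = PenaltyBox()
    verdicts = {(ts, src): box.packet(ts, src, proto, port)
                for ts, src, proto, port in sorted(pkts)}
    return box, verdicts

if __name__ == "__main__":
    box, _ = demo()
    print(box.kept_alive_by(73 * 3600, "udp", 123))
```

The host that keeps polling NTP is still blocked three days after its single NetBIOS packet, while the host that went quiet for 25 hours gets its NTP answered again.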
