On Tue, 2005-10-25 at 14:08 -0400, Neal Becker wrote:
> Eventually hosts.deny is getting too big. If this is really fedora's
> answer, then I think we'll need a version of tcpwrappers that has some kind
> of database, rather than a flat file.

I agree, although by layering iptables blocking with denyhosts I am able
to greatly reduce the number of hosts.deny entries.

Like many people on this list, I have a set of rules in iptables that
look for too many ssh logins in too short a time period. If the threshold
is exceeded, connections from the offending IP are dropped for a time.
Most script kiddies hit the block and just go away.

Some script kiddies, however, come back later. For them I have denyhosts
running at a threshold one above the iptables script. I typically see
denyhosts trigger only once or twice a day for these more serious threats.

--
Brian Gaynor
www.pmccorp.com
FC4/Linux on DELL Inspiron 5160 3.0Ghz
canis 15:52:13 up 7:22, 1 user, load average: 0.14, 0.22, 0.16
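
A small model of the layering described in the message above, added here as an illustration and not taken from the poster's configuration: a temporary firewall rate limit in front of a permanent denyhosts threshold set one higher. The limit, window, block time and event list are constructed assumptions, and denyhosts is modelled as reacting immediately to each failed login.

```python
from collections import defaultdict, deque

# Assumed values for illustration; the message gives no numbers.
LIMIT = 3                    # connections per WINDOW the firewall lets through
WINDOW = 60                  # seconds
BLOCK = 600                  # seconds an offender is dropped
DENY_THRESHOLD = LIMIT + 1   # denyhosts set "one above" the firewall limit

# Constructed events: (seconds, source IP); every attempt that reaches sshd fails.
EVENTS = (
    [(t, "192.0.2.10") for t in (0, 2, 4, 6, 8, 10)]                       # burst, then gone
    + [(t, "198.51.100.7") for t in (100, 101, 102, 103, 104, 900, 901)]  # returns later
    + [(t, "203.0.113.5") for t in (50, 70)]                               # user with two typos
)

def simulate(events, firewall=True):
    """Return (hosts_deny, dropped): IPs denied permanently, packets dropped per IP."""
    recent = defaultdict(deque)      # ip -> times of connections let through
    blocked_until = {}               # ip -> end of temporary firewall block
    failures = defaultdict(int)      # ip -> failed logins counted by denyhosts
    hosts_deny, dropped = [], defaultdict(int)
    for ts, ip in sorted(events):
        if ip in hosts_deny:
            continue                 # refused by tcp wrappers from now on
        if firewall:
            if blocked_until.get(ip, 0) > ts:
                dropped[ip] += 1     # still inside the temporary block
                continue
            q = recent[ip]
            while q and ts - q[0] >= WINDOW:
                q.popleft()          # forget connections older than the window
            if len(q) >= LIMIT:
                blocked_until[ip] = ts + BLOCK
                q.clear()
                dropped[ip] += 1     # this connection trips the rule
                continue
            q.append(ts)
        failures[ip] += 1            # reached sshd and failed to log in
        if failures[ip] >= DENY_THRESHOLD:
            hosts_deny.append(ip)
    return hosts_deny, dict(dropped)

if __name__ == "__main__":
    print("denyhosts alone:", simulate(EVENTS, firewall=False)[0])
    print("layered:        ", simulate(EVENTS, firewall=True))
```

In this run the burst-and-leave source never reaches hosts.deny under the layered setup, while the source that returns after the block expires does.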