Ashley M. Kirchner wrote: > > I have SSH locked down (through hosts.deny/.allow) to only allow > known IPs to connect. This was done to curb the rash of script kiddies > banging on it with dictionary attacks. However, one of my users is on > DHCP which means every so often I need to change his entry in my > hosts.allow file. Bit of a pain when I'm not in town or near a machine > to check e-mail. So the question is: is there some way to solve this > problem? > I use daemonshield. It's a nice daemon which dynamically adds a iptables rule to block incoming ssh bursts from a particular IP address. After a while the rule will be automatically deleted. http://sourceforge.net/projects/daemonshield/ Hth, Edwin
