[This is diverging a bit, so I've changed the subject, but leave the list Cc'ed for now]
"Yitzchak Gale" <[EMAIL PROTECTED]> writes: > How much time does it take to set up, maintain, > etc.? Depends on your system, I guess. It's apt-get'table on Ubuntu, and probably on most Linux distributions. It's written in Python, so it should be fairly portable. There's a config file you can tweak, but I think it works quite well out of the box - synchronizing blocked entries with a central repo is optional and must be enabled, you may also want to whitelist certain IPs. Maintenance so far is limited to reading the email-reports when it has blocked someone, but that is optional, too. > If enough people start using denyhosts - they'll > find an attack for that, too. Sigh. Well, tarpit would help slow down the attacks (by modifying TCP settings to one-byte packets and huge timeouts and whatnot. A friend uses this on mail to twart spam, and occasionally posts reporst on how long he's kept some spammer busy trying in vain to deliver.) Anyway, if enough people use denyhosts, there will be fewer guessed passwords, and thus fewer infected hosts to keep the attacks coming. (Assuming the machines got hacked via ssh, too, I don't know if that's the case, though.) You could also use the central registry of zombies to block more agressively, but that opens up for denial of access. (I push, but don't pull blocked IPs, partly for that reason.) The flip side is that denyhosts will keep the attackers off the well-maintained hosts, and direct them more quickly to easier targets... -k -- If I haven't seen further, it is by standing in the footprints of giants _______________________________________________ darcs-users mailing list [email protected] http://lists.osuosl.org/mailman/listinfo/darcs-users
