Kyle Claisse wrote: [snip] > Is there any way to lower the scan time? Say lowered to like 1 second? Or > is that pushing it?
Yes, or course, the scan time is configurable... and the thresholds. In denyhosts.cfg look at the DAEMON_SLEEP parameter. I use 15s, I think the default was 10s, lowering to 1s could increase the load on the CPU, but that depends on the CPU, and anyway you don't expect an attacker to try 3 times per second or faster. If you have good, secure, passwords an attacker will need many days to gain access. If you have weak passwords it could take 1 try... there's plenty of discussions about how to secure a computer in comp.security.ssh . Besides, DenyHosts is not only for security, it's also to avoid having those long logs full of failed attempts. > Also how does one manually add ip addresses? Sure, add them to /etc/hosts.deny (you know what tcp_wrappers is, don't you?). -- René Berber ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
