Mark Wendt (Contractor) wrote: > Realistic? I get messages from my intrusion detectors every day of > folks from all over the world scanning my ports, trying to find a way > in. They hit a block of IP addresses and scan all of them in that > block. A very effective way to stop this is to use denyhosts. I have now set the limits very tight, if a particular IP is the source of more than 2 unsuccessful login attempts within a month, it gets added to the hosts.deny list, and takes 180 days to get off that list. I had some very determined hackers using a stable of several hundred compromised nodes to attack my machine. They are still trying, but they are totally being blocked. The main feature of denyhosts is that it doesn't care about port number, any failed login from ANY port is added to the threshold, and then being on hosts.deny pretty much blocks any access.
Jon ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
