Hi,

> I don't want to debate the goodness or badness of the strategy of
> blocking hosts like this in /etc/hosts.deny. It works perfectly for me,
> and most likely would for you, so no religious debates thanks. It's
> effective at blocking bruteforce attacks. If a host EXCEEDS a specified
> number of guesses during the (configurable) 30 seconds it takes the
> script to cycle, the host is blacklisted.

Why are you doing this the wrong way? You should whitelist hosts instead of blacklisting them. Unless you have administrative reasons for such a decision, hosts.deny should be set to ALL:ALL, and you should allow specifically in hosts.allow. This way everything is dropped by default. Tcpwrappers should be configured the same way a firewall is, unless there is something against it. Even if you have customers who need remote access, adding a few IPs is much better than having it open by default.

Kind Regards,
Pedro Hugo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
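Added example, not part of the message above: a simplified Python model of the tcpwrappers decision order (a hosts.allow match grants, otherwise a hosts.deny match denies, otherwise access is granted), run against a blacklist-style policy and the ALL:ALL default-deny policy the reply recommends. The addresses and rule sets are constructed samples, and only `ALL`, exact-address and trailing-dot prefix patterns are modelled.

```python
# Simplified model of the hosts_access(5) decision order (added example).
# Supported patterns (assumption: a subset only): daemon name or ALL;
# client ALL, exact address, or a prefix ending in "." such as "198.51.100.".

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        parts = line.split(":")
        if len(parts) < 2:
            continue
        rules.append((parts[0].replace(",", " ").split(),
                      parts[1].replace(",", " ").split()))
    return rules

def _client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                  # network prefix form
        return addr.startswith(pattern)
    return pattern == addr

def _matches(rules, daemon, addr):
    return any(("ALL" in daemons or daemon in daemons)
               and any(_client_matches(p, addr) for p in clients)
               for daemons, clients in rules)

def access(allow_text, deny_text, daemon, addr):
    """hosts.allow match grants; else hosts.deny match denies; else granted."""
    if _matches(parse_rules(allow_text), daemon, addr):
        return "granted"
    if _matches(parse_rules(deny_text), daemon, addr):
        return "denied"
    return "granted"                           # no match anywhere: open by default

# Constructed sample policies (RFC 5737 documentation addresses).
BLACKLIST_ALLOW = ""
BLACKLIST_DENY = "sshd: 203.0.113.7\nsshd: 203.0.113.9\n"  # hosts already blacklisted
WHITELIST_ALLOW = "sshd: 192.0.2.10, 198.51.100.\n"        # known customers only
WHITELIST_DENY = "ALL: ALL\n"

def compare(addr, daemon="sshd"):
    """Return (blacklist policy result, default-deny policy result)."""
    return (access(BLACKLIST_ALLOW, BLACKLIST_DENY, daemon, addr),
            access(WHITELIST_ALLOW, WHITELIST_DENY, daemon, addr))

if __name__ == "__main__":
    for a in ("203.0.113.7", "203.0.113.50", "192.0.2.10", "198.51.100.23"):
        print(a, compare(a))
```

The second address is the case the reply is about: a host not yet seen by the blacklisting script is granted under the blacklist policy and denied under default-deny.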
