On Sunday July 17 2005 13:26, Scott Harney spake: > tcp wrappers is ubiquitous and the ssh attack is pretty > dumb so adding infected attackers to hosts_deny struck me as a good > solution. >
Ok, but what happens after 1 million infected hosts fill up your deny file? I would think that a temporary blacklist (which is what I think the other script is) is a smarter scheme. Also, the other approach can easily be adapted to the bogus DNS lookups issue I've been having (which may or may not be limited to OpenNIC nameservers). -- Joey Kelly < Minister of the Gospel | Linux Consultant > http://joeykelly.net "I may have invented it, but Bill made it famous." --- David Bradley, the IBM employee that invented CTRL-ALT-DEL -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/general_brlug.net/attachments/20050717/9f88fa34/attachment.bin From [EMAIL PROTECTED] Sun Jul 17 19:33:00 2005 From: [EMAIL PROTECTED] (Scott Harney) Date: Sun Jul 17 19:32:32 2005 Subject: [brlug-general] slowing down ssh attacks In-Reply-To: <[EMAIL PROTECTED]> (Joey Kelly's message of "Sun, 17 Jul 2005 14:56:48 -0500") References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> Message-ID: <[EMAIL PROTECTED]> Joey Kelly <[EMAIL PROTECTED]> writes: > On Sunday July 17 2005 13:26, Scott Harney spake: > >> tcp wrappers is ubiquitous and the ssh attack is pretty >> dumb so adding infected attackers to hosts_deny struck me as a good >> solution. >> > > Ok, but what happens after 1 million infected hosts fill up your deny file? I > would think that a temporary blacklist (which is what I think the other > script is) is a smarter scheme. Also, the other approach can easily be > adapted to the bogus DNS lookups issue I've been having (which may or may not > be limited to OpenNIC nameservers). Since January my hosts_deny has 194 entries. -- Scott Harney <[EMAIL PROTECTED]> "Asking the wrong questions is the leading cause of wrong answers" gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
