Joey Kelly <[EMAIL PROTECTED]> writes:
> Ok, but what happens after 1 million infected hosts fill up your deny file? I
> would think that a temporary blacklist (which is what I think the other
> script is) is a smarter scheme. Also, the other approach can easily be

A relatively easy fix if this were a concern would be to have the script add a unix timestamp in the form of a comment to each /etc/hosts.deny entry. Like so:

naughty.ip.addr.ess # 1231248586

When the script does its run to generate a new /etc/hosts.deny, it checks that each timestamp is < MAXAGE_SECONDS from current and if it is, adds them to the generated /etc/hosts.deny. The script already has a whitelist capability so adding this to it wouldn't be too hard.

> adapted to the bogus DNS lookups issue I've been having (which may or may not
> be limited to OpenNIC nameservers).

Not sure what you're talking about here.

--
Scott Harney <[EMAIL PROTECTED]>
"Asking the wrong questions is the leading cause of wrong answers"
gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
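
The timestamp expiry described in the reply above, as an added example that is not part of the original thread and not the script under discussion. The function name `regenerate`, the 7-day value for MAXAGE_SECONDS, the rule that unstamped lines never expire, and the sample addresses (documentation ranges) are all assumptions made for illustration.

```python
import re

# Assumed value: the email names MAXAGE_SECONDS but gives no number.
MAXAGE_SECONDS = 7 * 24 * 3600

# "<entry> # <unix timestamp>", the layout shown in the email.
STAMPED = re.compile(r"^\s*(?P<entry>[^#\s][^#]*?)\s*#\s*(?P<ts>\d+)\s*$")

# Constructed sample file (documentation address ranges).
SAMPLE = [
    "# managed by the blocking script",
    "192.0.2.10 # 1231248586",
    "198.51.100.7 # 1230000000",
    "203.0.113.5 # 1231000000",
    "192.0.2.99",
]


def regenerate(old_lines, new_offenders, now,
               max_age=MAXAGE_SECONDS, whitelist=()):
    """Return the lines of a freshly generated hosts.deny."""
    passthrough = []  # comments, blanks and unstamped entries
    stamped = {}      # entry -> newest timestamp seen

    for raw in old_lines:
        line = raw.rstrip("\n")
        m = STAMPED.match(line)
        if m is None:
            # Assumption: lines without a timestamp never expire.
            passthrough.append(line)
            continue
        # Clamp future timestamps (clock jump) so they still age out.
        ts = min(int(m.group("ts")), now)
        if now - ts < max_age:
            entry = m.group("entry")
            stamped[entry] = max(ts, stamped.get(entry, 0))

    for entry in new_offenders:
        stamped[entry] = now  # a repeat offender gets a fresh timestamp
    for entry in whitelist:
        stamped.pop(entry, None)  # whitelisted hosts are never written

    kept = sorted(stamped.items(), key=lambda kv: (kv[1], kv[0]))
    return passthrough + [f"{entry} # {ts}" for entry, ts in kept]


if __name__ == "__main__":
    print("\n".join(regenerate(SAMPLE, ["198.51.100.99"], now=1231248586)))
```

Because expired entries are dropped on every run, the file size is bounded by the number of distinct hosts seen within MAXAGE_SECONDS rather than by every host ever blocked.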
