-----Original Message----- From: news [mailto:[email protected]] On Behalf Of Nikos Chantziaras Sent: January 22, 2009 11:07 AM To: [email protected] Subject: [gentoo-user] Re: Why isn't sshd blocking repeated failed login attempts?
Paul Hartman wrote: > On Wed, Jan 21, 2009 at 11:53 AM, Nikos Chantziaras <[email protected]> wrote: >> Can you check the logs to see the timespan in which those hundreds of >> attempts took place? Also, what's the time interval Denyhosts checks >> for login attempts? > > The most recently denied host from this afternoon made over 200 login > attempts in a span of 17 minutes before denyhosts caught it. In my > denyhosts.conf I have these: > > DENY_THRESHOLD_INVALID = 3 > DENY_THRESHOLD_VALID = 3 > DENY_THRESHOLD_ROOT = 1 > DENY_THRESHOLD_RESTRICTED = 1 What is the value of DAEMON_SLEEP? Denyhosts doesn't pick up on certain types of PAM auth regular expressions. If any of those appear in your logs during those 200+ attempts, Denyhosts is probably not reading them. I've already reported it (http://bugs.gentoo.org/show_bug.cgi?id=248047) if you want to add anything to it.
