On Aug 29, 2004, at 19:07, John Feole wrote:
What about using TCPWrappers and the /etc/host.allow, /etc/hosts.deny funtionality?
I only know about the attack/host-ip after the fact so I can't just add it to the hosts.deny. Does TCPWrappers have some stateful rules?
If you know that legitimate ssh connections will only be coming from a certain range of IPs, then you can deny everything but what is in your hosts.allow. You don't have to worry about denying any specific IPs, since you deny everything but what is specifically allowed.
_______________________________________________
gnhlug-discuss mailing list
[EMAIL PROTECTED]
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
