Andrew Lentvorski wrote:
I'm not a big fan of DenyHosts because I'm not sure the whole idea was
thought out that well. It works okay under small load (at which point I
probably don't need it), but I wonder how it would fare under real attack.
If someone is really trying to break my machine, logging the attempts to
a file basically lets them denial-of-service me. Furthermore, you can
elude DenyHosts by making a burst of attempts before DenyHosts makes
its periodic run. Or, if DenyHosts runs on every attempt, then it's an
even bigger DoS generator.

A couple of reasons why I use OSSEC. It can be configured to block an IP
after x number of incorrect login attempts, block for x amount of time
or indefinitely, monitor multiple services, and send alerts for various
levels of severity. It also works well under load.
PGA
--
Paul G. Allen, BSIT/SE
Owner, Sr. Engineer
Random Logic Consulting
http://www.randomlogic.com
--
KPLUG-List@kernel-panic.org
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
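
The two blocking models discussed in this thread, compared as an added example (not code from either poster, DenyHosts or OSSEC): a scanner that only reads the log on a periodic run versus a per-event threshold with a timed block. The function names, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def periodic_scan(events, threshold, interval):
    """Batch model: the log is examined only every `interval` seconds.
    Returns {ip: attempts that reached the service before a block landed}."""
    reached, failures, blocked = defaultdict(int), defaultdict(int), set()
    next_scan = interval
    for ts, ip in sorted(events):
        while ts >= next_scan:  # run every scan that fell due before this event
            blocked |= {h for h, n in failures.items() if n >= threshold}
            next_scan += interval
        if ip in blocked:
            continue
        reached[ip] += 1
        failures[ip] += 1
    return dict(reached)

def per_event(events, threshold, window, timeout):
    """Event model: every failure is evaluated on arrival; a source with
    `threshold` failures inside `window` seconds is blocked for `timeout`."""
    reached, recent, blocked_until = defaultdict(int), defaultdict(deque), {}
    for ts, ip in sorted(events):
        if blocked_until.get(ip, 0) > ts:
            continue  # still blocked, attempt never reaches the service
        reached[ip] += 1
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= threshold:
            blocked_until[ip] = ts + timeout
            q.clear()
    return dict(reached)

# Constructed sample (documentation address ranges): 40 failures from one
# source inside 20 seconds, plus a user who mistypes a password twice.
BURST = [(100 + i * 0.5, "203.0.113.7") for i in range(40)]
TYPO = [(105.0, "198.51.100.20"), (160.0, "198.51.100.20")]
EVENTS = BURST + TYPO

if __name__ == "__main__":
    print("periodic:", periodic_scan(EVENTS, threshold=5, interval=60))
    print("per-event:", per_event(EVENTS, threshold=5, window=60, timeout=600))
```

With the same threshold, the whole burst lands before the periodic run sees it, while the per-event model stops it at the threshold and leaves the mistyping user alone.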