Quoting "Paul G. Allen" <[EMAIL PROTECTED]>:
I'm not a big fan of DenyHosts because I'm not sure the whole idea
was thought out that well. It works okay under small load (at
which point I probably don't need it), but I wonder how it would
fare under real attack.
A couple of reasons why I use OSSEC. It can be configured to block
an IP after x number of incorrect login attempts, block for x amount
of time or indefinitely, monitor multiple services, and send alerts
for various levels of severity. It also works well under load.
I know a big "Solaris is the only true OS" person that, for some
reason, had set up a system ages ago to use routing vs IP filtering to
block people that probed or did too many SSH attempts, and never
bothered to convert it to IP filtering eventually. Worked great until
he had about 64k routing entries for specific hosts to null. That one
made me chuckle... because every single packet that ever entered or
left the box had to parse the entire routing ruleset he'd built up
over time.
--
Mike Marion-Unix/Linux Admin-http://www.miguelito.org
Do not meddle in the affairs of sysadmins, for they are easy to annoy and have
the root password.
--
KPLUG-List@kernel-panic.org
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list