On Mon, Aug 25, 2008 at 11:12:39AM -0700, Mike Marion wrote:
> I know a big "solaris is the only true OS" person that, for some reason, had set up a system ages ago to use routing vs ip filtering to block people that probed or did too many ssh attempts, and never bothered to convert it to ip filtering eventually. Worked great until he had about 64k routing entries for specific hosts to null. That one made me chuckle... because every single packet that ever entered or left the box had to parse the entire routing ruleset he'd built up over time.

Wow. At least /etc/hosts.deny is only parsed on the initial connection.

David

-- 
KPLUG-List@kernel-panic.org
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list