Joey Kelly <joey@joeykelly.net> writes:
> On Sunday July 17 2005 13:26, Scott Harney spake:
>
>> tcp wrappers is ubiquitous and the ssh attack is pretty
>> dumb so adding infected attackers to hosts_deny struck me as a good
>> solution.
>>
>
> Ok, but what happens after 1 million infected hosts fill up your deny file? I
> would think that a temporary blacklist (which is what I think the other
> script is) is a smarter scheme. Also, the other approach can easily be
> adapted to the bogus DNS lookups issue I've been having (which may or may not
> be limited to OpenNIC nameservers).
Since January my hosts_deny has 194 entries.
-- Scott Harney <scotth@scottharney.com> "Asking the wrong questions is the leading cause of wrong answers" gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5 ___________________ Nolug mailing list nolug@nolug.orgReceived on 07/17/05
This archive was generated by hypermail 2.2.0 : 12/19/08 EST