Hi,
>I don't want to debate the goodness or badness of the strategy of
>blocking hosts like this in /etc/hosts.deny. It works perfectly for me,
>and most
>likely would for you, so no religious debates thanks. It's effective at
>blocking bruteforce attacks. If a host EXCEEDS a specified number of
>guesses
>during the (configurable) 30 seconds it takes the script to cycle, the
>host is blacklisted.
>
Why are you doing this the wrong way ? You should whitelist hosts, instead blacklisting them.
Unless you have administrative reasons for such decision, hosts.deny should be set to ALL:ALL, and you should allow specifically in hosts.allow.
This way everything is dropped by default. Tcpwrappers should be configured the same way a firewall is, unless there is something against it.
Even if you have customers who need remote access, adding a few ip's is much better than having open by default.
Kind Regards,
Pedro Hugo
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Sep 02 2005
Intro
