| 1 |
Paul Hartman wrote: |
| 2 |
> I'm using the online denyhosts synchronization database, I think that |
| 3 |
> may negatively affect how often it blocks hosts locally, because it |
| 4 |
> waits until it does a remote sync to scan the local file. This is my |
| 5 |
> theory. I like the idea of sharing my blocks and taking advantage of |
| 6 |
> the blocks of others, but if it renders the program ineffective |
| 7 |
> against the IP /actively/ attacking my system, then it's pointless. |
| 8 |
> |
| 9 |
> I'm going to turn off the online sharing of denyhosts and see if it |
| 10 |
> makes a difference. |
| 11 |
> |
| 12 |
> Otherwise I guess I need to set up some kind of local firewall on this |
| 13 |
> machine to get any more fine control over the connections. |
| 14 |
|
| 15 |
The shared list of attackers doesn't have anything to do with it. |
| 16 |
Denyhosts checks the logs every X seconds. I think 30 by default, not |
| 17 |
sure. In that time, there can be many more attempted logins then the |
| 18 |
maximum you have configured in Denyhosts. |
| 19 |
|
| 20 |
Also, the downloaded list of known attack hosts is copied locally into |
| 21 |
your hosts.deny file. That's all there is to it. |
Archives