Gentoo Archives: gentoo-user

From: Nikos Chantziaras <realnc@×××××.de>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Re: Why isn't sshd blocking repeated failed login attempts?
Date: Wed, 21 Jan 2009 12:37:05
Message-Id: gl74sk$8ov$1@ger.gmane.org
In Reply to: Re: [gentoo-user] Why isn't sshd blocking repeated failed login attempts? by Paul Hartman
1 Paul Hartman wrote:
2 > I'm using the online denyhosts synchronization database, I think that
3 > may negatively affect how often it blocks hosts locally, because it
4 > waits until it does a remote sync to scan the local file. This is my
5 > theory. I like the idea of sharing my blocks and taking advantage of
6 > the blocks of others, but if it renders the program ineffective
7 > against the IP /actively/ attacking my system, then it's pointless.
8 >
9 > I'm going to turn off the online sharing of denyhosts and see if it
10 > makes a difference.
11 >
12 > Otherwise I guess I need to set up some kind of local firewall on this
13 > machine to get any more fine control over the connections.
14
15 The shared list of attackers doesn't have anything to do with it.
16 Denyhosts checks the logs every X seconds. I think 30 by default, not
17 sure. In that time, there can be many more attempted logins then the
18 maximum you have configured in Denyhosts.
19
20 Also, the downloaded list of known attack hosts is copied locally into
21 your hosts.deny file. That's all there is to it.

Replies

Subject Author
Re: [gentoo-user] Re: Why isn't sshd blocking repeated failed login attempts? Paul Hartman <paul.hartman+gentoo@×××××.com>