[Edlug Archive Mar 2007]

[edlug] Advice Please : "denyhosts"

A recent requirement having arisen to enable remote access to my SuSE 9.3
machine from a Windows box, I enabled OpenSSH via the standard port with
TightVNC and RSA keys at each end. This immediately resulted in concerted
prolonged dictionary attacks which were successfully repulsed. 
Coincidentally an edlug thread arose which introduced me to "denyhosts", 
which I sourced and installed on SuSE. I have synced with the centrally 
held list of baddies - both send and receive, and now have about 4000 of 
them in hosts.deny. Currently, I have chosen not to purge this list which 
continues to grow hourly.

This has given rise to two questions :

1	What is the purpose of purging hosts.deny if one chooses to sync with the
        centrally held list? ... Would it not just be repopulated with the
        same list after the next sync interval?

2	What will be the impact (if any) of allowing hosts.deny to continue to
        grow without limit?

I have tried to find answers to these questions in FAQs etc., to no avail.
Any advice/pointers appreciated.

	Barclay Weir

This archive is kept by wibble+RM@xxx.xxx.xxx