hosts.deny script

John Summerfield
Thu Jan 26 23:49:31 UTC 2006

Steven J Lamb wrote:
> I am trying to create a script to block people using hosts.deny. I 
> realize that I should just block everyone and then open access for those 
> whom I know I trust but because of the nature of our network this is not 
> possible. basically I check log files for login attempts every five 
> minutes and block those that attempt to log in more than 3 times that 
> day. 

This is too late. An automated attack may well be completed in this 
window of time.

Instead, use another port as a door-knock: when someone tries to connect 
to <some port>, then allow connexions to ssh for a short time.

For an automated connexion from a remote site, something like this (nc needs the target host as well as the port):
echo | nc <host> <some port>

The nc command is contained in the netcat package.

I think I've seen how to implement this door knock entirely in iptables 
recently, but didn't note the details.
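The door-knock described above, as an added example that is not from the original post or its author: a small POSIX sh helper that emits the iptables rules for a single-port knock built on the "recent" match. Assumed values are a knock port of 1234, ssh on port 22 and a 30-second window; "apply" needs root and the recent match module.

```shell
#!/bin/sh
# Added example (not from the original post). Single-port door-knock for ssh
# using the iptables "recent" match. Assumptions: knock port 1234, ssh on 22,
# 30-second window. "print" shows the rules, "apply" loads them (root needed).
knock_rules() {
    knock=${1:-1234}; ssh=${2:-22}; window=${3:-30}
    # Record the source of any new connection to the knock port in the KNOCK
    # list. The knock itself is dropped: the SYN is enough to be recorded,
    # so "echo | nc <host> <knock port>" from the remote side suffices.
    echo "iptables -A INPUT -p tcp --dport $knock -m conntrack --ctstate NEW -m recent --name KNOCK --set -j DROP"
    # Accept a new ssh connection only from an address that knocked within
    # the last $window seconds; --reap purges stale entries as a side effect.
    echo "iptables -A INPUT -p tcp --dport $ssh -m conntrack --ctstate NEW -m recent --name KNOCK --rcheck --seconds $window --reap -j ACCEPT"
    # Sessions opened inside the window keep working after it closes.
    echo "iptables -A INPUT -p tcp --dport $ssh -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Anything else aimed at ssh is dropped, so scanners never see the port open.
    echo "iptables -A INPUT -p tcp --dport $ssh -j DROP"
}

# Number of rules that consult the KNOCK list (the set and the check).
count_knock_rules() {
    knock_rules "$@" | grep -c -- '-m recent'
}

case "${1:-print}" in
    print) knock_rules "$2" "$3" "$4" ;;
    apply) knock_rules "$2" "$3" "$4" | while read -r rule; do $rule; done ;;
esac
```

Successful knocks and ssh logins can be watched with the usual ssh logs, since the recent list only holds addresses, not outcomes.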




do not reply off-list
