[PLUG] denyhosts not blocking some ssh attempts
Rich Shepard
rshepard at appl-ecosys.com
Tue Jan 13 14:24:36 UTC 2009
Tim Slighter wrote:
> I don't know but my approach has always been from the opposite side of
> the spectrum, I only use /etc/hosts.allow with an implicit deny for any
> TCP/UDP based inbound connection.

My network, too, has been pounded on by badmorticia.com, as well as
several others. They're all rejected because the user names are not in
/etc/hosts.allow.

Allowing only a limited number of user names to connect via ssh works for
us because there are fewer than a handful of names. For my edification, is
it impractical to maintain /etc/hosts.allow when there are many users on the
network?

A second question that comes from this discussion is the relative advantages
of hosts.allow and hosts.deny. It would be nice to have someone clarify the
differences for me.

Rich
--
Richard B. Shepard, Ph.D. | Integrity Credibility
Applied Ecosystem Services, Inc. | Innovation
<http://www.appl-ecosys.com> Voice: 503-667-4517 Fax: 503-667-8863