Meant this to go to the list.

Just to clarify... Denyhosts would run on the server, not on m0n0wall. Someone could possibly do a trend analysis of the hosts that are blocked and write a script that could suggest rules to be added to the firewall for hosts/networks that just do not get the hint.

-Ron

--
Ron Rosson
ron dot rosson at gmail dot com
http://www.oneinsane.net

> From: Chris Buechler <cbuechler at gmail dot com>
> Date: Mon, 20 Mar 2006 17:22:02 -0500
> To: MonoWall-General List <m0n0wall at lists dot m0n0 dot ch>
> Subject: Re: [m0n0wall] m0n0wall and swatch to protect ssh!
>
> On 3/20/06, Ron Rosson <ron dot rosson at gmail dot com> wrote:
>> Denyhosts.sf.net seems to be doing the job and it has the capability of
>> running in a distributed mode.
>>
>
> Yeah, there are several similar to that, though that's the first I've
> seen with a centralized database. That runs on the SSH server as
> well.
>
> The reason this is impossible to do entirely on the firewall itself is
> because from the firewall's perspective, SSH is SSH. It doesn't know
> a failed login from a successful login. Best you could do would be to
> somehow integrate some agent on your servers to communicate with
> m0n0wall and update its ruleset appropriately. No such thing exists,
> and personally, I'd rather that be handled entirely by the server
> anyway (letting any server automatically update the ruleset on the
> firewall protecting it is a bad idea).
>
> -Chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
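The "trend analysis" script Ron describes, as an added example that is not part of the original thread and not DenyHosts or m0n0wall code. It reads the `sshd: <ip>` lines DenyHosts appends to /etc/hosts.deny together with sshd "Failed password" syslog lines, groups the denied hosts by /24, and prints suggested block candidates for a human to review (nothing here touches the firewall, in keeping with Chris's point). The sample hosts.deny and auth.log contents are constructed inline; the thresholds `min_hosts_per_net` and `min_failures_per_host` are assumptions for illustration, not DenyHosts settings.

```python
"""Suggest firewall block candidates from DenyHosts output plus sshd logs.

Added example (not from the mailing-list thread). The inputs below are
constructed; real data would come from /etc/hosts.deny and the auth log.
"""
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample of what DenyHosts appends to /etc/hosts.deny.
HOSTS_DENY = """\
sshd: 192.0.2.10
sshd: 192.0.2.11
sshd: 192.0.2.12
sshd: 198.51.100.7
sshd: 203.0.113.4
"""

# Constructed sample sshd syslog lines (one persistent host, 198.51.100.7,
# gets twelve failures; one successful key login must not be counted).
AUTH_LOG = "\n".join(
    [
        "Mar 20 17:01:02 web1 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 51012 ssh2",
        "Mar 20 17:01:05 web1 sshd[2213]: Failed password for root from 192.0.2.11 port 51020 ssh2",
        "Mar 20 17:01:09 web1 sshd[2215]: Failed password for invalid user test from 192.0.2.12 port 51031 ssh2",
        "Mar 20 17:05:00 web1 sshd[2260]: Failed password for invalid user oracle from 203.0.113.4 port 33001 ssh2",
        "Mar 20 17:06:12 web1 sshd[2266]: Accepted publickey for ron from 203.0.113.9 port 33100 ssh2",
    ]
    + [
        f"Mar 20 17:02:{sec:02d} web1 sshd[2230]: Failed password for root from 198.51.100.7 port 40001 ssh2"
        for sec in range(12)
    ]
)

DENY_RE = re.compile(r"^sshd:\s*(\S+)\s*$")
FAIL_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)


def parse_hosts_deny(text):
    """Return the set of IP addresses DenyHosts has written to hosts.deny."""
    denied = set()
    for line in text.splitlines():
        m = DENY_RE.match(line.strip())
        if not m:
            continue
        try:
            denied.add(str(ip_address(m.group(1))))
        except ValueError:
            continue  # hostnames or wildcards such as ALL are not addresses
    return denied


def parse_failed_logins(text):
    """Count sshd 'Failed password' events per source address."""
    fails = Counter()
    for line in text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            fails[m.group(1)] += 1
    return fails


def suggest_rules(denied, failures, min_hosts_per_net=3, min_failures_per_host=10):
    """Return [(cidr_or_ip, reason)] worth a manual firewall rule.

    A /24 with several distinct denied hosts is proposed as a network block;
    otherwise a single host is proposed only if it keeps failing. Thresholds
    are illustrative assumptions.
    """
    by_net = defaultdict(set)
    for ip in denied:
        by_net[ip_network(f"{ip}/24", strict=False)].add(ip)

    suggestions, covered = [], set()
    for net, hosts in sorted(by_net.items(), key=lambda kv: str(kv[0])):
        if len(hosts) >= min_hosts_per_net:
            total = sum(failures[h] for h in hosts)
            suggestions.append(
                (str(net), f"{len(hosts)} distinct denied hosts, {total} failed logins")
            )
            covered |= hosts

    leftover = sorted(denied - covered, key=lambda s: (ip_address(s).version, ip_address(s)))
    for ip in leftover:
        if failures[ip] >= min_failures_per_host:
            suggestions.append((ip, f"{failures[ip]} failed logins"))
    return suggestions


if __name__ == "__main__":
    for target, reason in suggest_rules(parse_hosts_deny(HOSTS_DENY), parse_failed_logins(AUTH_LOG)):
        print(f"suggest block from {target:<16} # {reason}")
```

On the sample data the script proposes 192.0.2.0/24 (three denied hosts) and the single host 198.51.100.7; 203.0.113.4 is denied locally but has not earned a firewall rule yet. The output is meant to be read and approved by an operator, then entered in m0n0wall by hand, rather than pushed to the firewall automatically.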