DenyHosts does have a timeout setting for how long hosts should remain in the hosts.deny file. Upon
reaching this value, the entries will be purged. I have a few systems with 1000+ entries (attacked
very often and very lengthy deny periods :-) ) from DenyHosts and it does not slow anything down.
Tim Nelson
Systems/Network Support
Rockbochs Inc.
(218)727-4332 x105
----- "Quark IT - Hilton Travis" <Hilton at QuarkIT dot com dot au> wrote:
> The issue I have with DenyHosts when compared with DenySSH is that it
> creates an ever-growing list of IPs to block that is contained in
> /etc/hosts.deny, as compared to DenySSH that adds these IPs to a
> Packet Filter table for a pre-determined period of time. The DenyHosts
> method will result in a huge, slow to process hosts.deny file, whereas
> the DenySSH method will result in only temporarily blocking the hacker's
> IPs and will remove those IPs once they are no longer actively hacking
> away at your machine.
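The purge behaviour discussed in this thread, as an added example that is not DenyHosts' own code: it reads hosts.deny entries in the layout DenyHosts uses (assumed here to be a `# DenyHosts: <ctime> | <service>: <ip>` stamp line followed by the entry), applies a PURGE_DENY-style duration such as `4w`, and reports which entries would be dropped and which kept, leaving untouched any line DenyHosts did not write. The sample file contents and the reference time are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample hosts.deny; the stamp-comment layout is an assumption
# about how DenyHosts records when each entry was added.
SAMPLE_HOSTS_DENY = """\
# DenyHosts: Mon Jan  4 08:15:00 2010 | sshd: 192.0.2.10
sshd: 192.0.2.10
# DenyHosts: Fri Feb 26 23:59:59 2010 | sshd: 198.51.100.7
sshd: 198.51.100.7
# DenyHosts: Sun Mar 14 12:00:00 2010 | sshd: 203.0.113.5
sshd: 203.0.113.5
ALL: 10.0.0.0/8
"""

# Assumed PURGE_DENY duration units: minutes, hours, days, weeks, years.
UNITS = {"m": 60, "h": 3600, "d": 86400, "w": 604800, "y": 31536000}
STAMP_RE = re.compile(r"^# DenyHosts: (.+?) \| (.+)$")


def parse_purge_deny(value):
    """Turn a duration such as '4w' or '12h' into seconds."""
    m = re.fullmatch(r"\s*(\d+)\s*([mhdwy])\s*", value)
    if not m:
        raise ValueError("bad PURGE_DENY value: %r" % value)
    return int(m.group(1)) * UNITS[m.group(2)]


def purge_stale(text, purge_deny, now):
    """Return (kept_lines, purged_entries).

    A stamped entry older than purge_deny is dropped together with its
    stamp comment; lines without a DenyHosts stamp (hand-written rules)
    are never touched, so the purge cannot remove an admin's own blocks.
    """
    cutoff = now - timedelta(seconds=parse_purge_deny(purge_deny))
    kept, purged = [], []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = STAMP_RE.match(lines[i])
        # Only treat the pair as a DenyHosts entry if the stamp names the
        # very line that follows it; anything else is kept verbatim.
        if m and i + 1 < len(lines) and lines[i + 1].strip() == m.group(2).strip():
            stamped = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            if stamped < cutoff:
                purged.append(m.group(2).strip())
            else:
                kept.extend(lines[i:i + 2])
            i += 2
        else:
            kept.append(lines[i])
            i += 1
    return kept, purged
```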