> | I think most people deny based on IPs that have been allocated to .cn. I
> | want to put in rules like this, so I'll be figuring it out soon, just not
> | quite yet :).
> 
> I figured a line in hosts.deny to block based on reverse DNS mappings
> would be a simple, quick solution, and probably a bit easier than
> figuring out whole blocks of IPs allocated to China.

Putting it in hosts.deny still allows the attackers access to the daemon and may 
allow them to get in via vulnerabilities of either the wrapper or the ssh daemon 
itself.  Would be better to create a true firewall rule (iptables) that flat out 
drops packets from those regions before the services even deal with them.  The 
advantage of deny vs reject is that the offender doesn't get squat back for that 
request and has to wait for the connection to time out which means more time 
until it tries something or somewhere else...
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss