Re: Cracking attempt dilemma

Author: Kevin Brown
Date:  
To: plug-discuss
Subject: Re: Cracking attempt dilemma
> | I think most people deny based on IPs that have been allocated to .cn. I
> | want to put in rules like this, so I'll be figuring it out soon, just not
> | quite yet :).
>
> I figured a line in hosts.deny to block based on reverse DNS mappings
> would be a simple, quick solution, and probably a bit easier than
> figuring out whole blocks of IPs allocated to China.


Putting it in hosts.deny still allows the attackers access to the daemon and may
allow them to get in via vulnerabilities of either the wrapper or the ssh daemon
itself. Would be better to create a true firewall rule (iptables) that flat out
drops packets from those regions before the services even deal with them. The
advantage of deny vs reject is that the offender doesn't get squat back for that
request and has to wait for the connection to time out which means more time
until it tries something or somewhere else...
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
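
The approach described in the message above (dropping packets with iptables before sshd or the wrapper handles them), as an added example that is not part of the original post: a POSIX shell script that validates a CIDR list and prints the `ipset restore` input and the matching `iptables` DROP rule without applying anything. The set name `blocked_nets`, port 22, the function names and the sample networks (RFC 5737 documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example: generate (not apply) an ipset + iptables DROP ruleset.

# Constructed sample list: RFC 5737 documentation ranges plus two bad lines.
SAMPLE_CIDRS='# constructed sample, not real allocations
192.0.2.0/24
198.51.100.0/24
203.0.113.0/24
not-a-network
10.0.0.0/33
198.51.100.0/24'

# Succeed only for a well-formed IPv4 CIDR (octets 0-255, prefix 0-32).
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*} prefix=${1#*/}
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print `ipset restore` input for the valid, de-duplicated networks.
# Usage as root (assumed set name): emit_ipset blocked_nets "$LIST" | ipset restore
emit_ipset() {
    echo "create $1 hash:net family inet"
    printf '%s\n' "$2" | sort -u | while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        if valid_cidr "$line"; then
            echo "add $1 $line"
        else
            echo "skipped invalid entry: $line" >&2
        fi
    done
}

# Print the rule that drops matching packets in the kernel, before sshd or
# the wrapper sees them. DROP sends no reply; REJECT would send an error back.
emit_iptables_rule() {
    echo "iptables -I INPUT -p tcp --dport $2 -m set --match-set $1 src -j DROP"
}

emit_ipset blocked_nets "$SAMPLE_CIDRS"
emit_iptables_rule blocked_nets 22
```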