[TriLUG] Denyhosts and Custom Regex

Jim Tuttle jjtuttle at trilug.org
Fri Nov 7 11:21:29 EST 2008


Hi Alan,

The why isn't related to the how that I questioned the list about, but
I'm game.  I want to lock it down to reduce the chance that I get nailed
by campus IT.  I expect they won't buy my business case or ability to
secure my own system.  I just want to be able to say "Look, I took these
steps to secure this service."  Until recently, it was my aim to make all
of my systems invisible and use iptables to drop connections to any
listening service except from specific hosts.  Now I want to have a more
usable environment without exposing myself to undue risk.


James

Alan Porter wrote:
>> I've written a custom regular expression to add to hosts.deny
>> addresses that visit port 80 more than once.
> 
> This does not make sense to me.
> 
> Denyhosts is supposed to keep password-guessers out of your system.
> If someone is hitting your SSH daemon with HTTP traffic, then that
> is a completely different problem.  It's harmless (although it *does*
> use up a little bit of SSHD resources to answer the call -- adding
> their IP to hosts.deny would move that burden from sshd to libwrap).
> 
> It's not as if they are trying to DDoS you.  And SSHD is certainly not
> going to let them in.  So why would you want to block these misguided
> web hits that happen to bump into your SSHD port?
> 
> Alan


-- 
--
---Jim Tuttle
------------------------------------------------------
http://www.braggtown.com
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x69B69B08
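As an added illustration of the two kinds of sshd log line this thread is arguing about (it is not code from either poster, and denyhosts itself is not involved): the first regex below is a hypothetical denyhosts-style "custom regex" of the sort Jim describes, matching the complaint OpenSSH logs when an HTTP request arrives on the SSH port; the second matches the failed-password lines that denyhosts is actually meant to act on. The sample log lines are constructed, the IP addresses are documentation ranges, and the "more than once" threshold follows Jim's own rule. Counting the two categories separately makes Alan's point visible: the HTTP hits never reach authentication, so they show up in a different bucket from the password guesser.

```python
import re
from collections import Counter

# Constructed sample auth.log excerpt (not taken from the original thread).
SAMPLE_LOG = """\
Nov  7 10:01:02 host sshd[1201]: Bad protocol version identification 'GET / HTTP/1.1' from 198.51.100.7
Nov  7 10:01:09 host sshd[1202]: Bad protocol version identification 'GET /favicon.ico HTTP/1.1' from 198.51.100.7
Nov  7 10:02:15 host sshd[1210]: Failed password for invalid user admin from 203.0.113.5 port 41022 ssh2
Nov  7 10:02:17 host sshd[1210]: Failed password for invalid user admin from 203.0.113.5 port 41022 ssh2
Nov  7 10:02:19 host sshd[1211]: Failed password for root from 203.0.113.5 port 41030 ssh2
Nov  7 10:03:00 host sshd[1220]: Bad protocol version identification 'GET / HTTP/1.0' from 192.0.2.44
Nov  7 10:04:33 host sshd[1230]: Accepted publickey for jim from 192.0.2.10 port 50012 ssh2
"""

IPV4 = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Hypothetical "custom regex" in the spirit of the one Jim mentions: an HTTP
# request method and version inside sshd's "Bad protocol version identification"
# message means a web client (or scanner) bumped into the SSH port.
HTTP_ON_SSH_RE = re.compile(
    r"sshd\[\d+\]: Bad protocol version identification "
    r"'(?:GET|POST|HEAD|OPTIONS) [^']*HTTP/1\.[01]' from " + IPV4
)

# The event denyhosts is designed for: a password guess that sshd rejected.
FAILED_PASSWORD_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from " + IPV4 + r" port \d+"
)


def classify(log_text):
    """Count, per source IP, HTTP-on-SSH hits and failed password attempts.

    Returns a pair of Counters (http_hits, failed_logins). A line that matches
    neither pattern (e.g. a successful login) is ignored.
    """
    http_hits = Counter()
    failed_logins = Counter()
    for line in log_text.splitlines():
        m = HTTP_ON_SSH_RE.search(line)
        if m:
            http_hits[m.group("host")] += 1
            continue
        m = FAILED_PASSWORD_RE.search(line)
        if m:
            failed_logins[m.group("host")] += 1
    return http_hits, failed_logins


def hosts_to_deny(counts, threshold):
    """IPs whose count is strictly greater than threshold ("more than once" is threshold=1)."""
    return sorted(ip for ip, n in counts.items() if n > threshold)


def hosts_deny_lines(ips, service="sshd"):
    """Render IPs as hosts.deny entries for the given libwrap service name."""
    return ["%s: %s" % (service, ip) for ip in ips]


if __name__ == "__main__":
    http_hits, failed_logins = classify(SAMPLE_LOG)
    print("HTTP hits on the SSH port:", dict(http_hits))
    print("Failed password attempts:  ", dict(failed_logins))
    print("Jim's rule (HTTP hits more than once):")
    for entry in hosts_deny_lines(hosts_to_deny(http_hits, 1)):
        print("  " + entry)
    print("What denyhosts would normally act on (any failed password):")
    for entry in hosts_deny_lines(hosts_to_deny(failed_logins, 0)):
        print("  " + entry)
```

On the constructed sample, only 198.51.100.7 crosses Jim's "more than once" bar for HTTP hits, while 203.0.113.5 is the only host making actual password guesses; neither pattern touches the successful public-key login. Whether the first list is worth writing to hosts.deny at all is exactly the question Alan raises.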