sophana wrote:
using denyhosts is sufficient for me. After several password attempts, it simply disables the ip address. I now have 133 denied ips in /etc/hosts.deny
I might throw this out -- I also offer RPMs for RHEL4, FC4, and CentOS4 (i386) of portsentry; look here:
http://rpmfind.net/linux/rpm2html/search.php?query=portsentry&submit=Sea......
...look for 'Falsehope' towards the middle, all my RPMs are tagged with .te.; I install portsentry on any server that exposes a service through a firewall (or no firewall at all), and it catches a *lot* of stuff for you.
Portsentry's ability to catch a portscan right away and block the IP can help save you in the long run. I have no idea why it's not in the official upstream sources anymore, it disappeared a couple of versions ago.
-te