[CentOS] Paranoid Firewalling

Sun Oct 9 00:06:52 UTC 2005
Ryan <ryanag at zoominternet.net>

On Saturday 08 October 2005 02:41 pm, Matt Hyclak wrote:
> On Sat, Oct 08, 2005 at 01:50:59PM -0400, Sam Drinkard enlightened us:
> > Looking at that perl script gave me an idea, but yet a question.  I
> > notice there is a line that says something about "Max Retries".  Is that
> > something that is configurable somewhere, or can be turned on?
> >
> > I know there have been long discussions about blocking the brute force
> > attempts at breakins, but at the time I did not see much need for it.
> > Not long after that, I started seeing somewhere between 100 and as high
> > as 800 attempts to break in via the sshd.  Not that I'm too worried
> > about someone guessing a password, but in those numbers, it does take
> > some bandwidth.  I'd like to see something like Max Retries of 3, so if
> > someone tries 3 times to guess the password, or different usernames, it
> > would throw their IP/hostname into the /etc/hosts.deny file,
> > permanently.  BSD does things a bit different, in that the hosts.allow
> > does both the allows and the denies, making hosts.deny pretty much
> > moot.   Given those thoughts, what kind of something is available to do
> > just that -- the max retries thingy?
> >
> > Thanks...
>

Try using ALL: PARANOID in /etc/hosts.deny - this will drop a lot of the 
trojaned residential dsl/cable modems.