On Mon, 2008-01-28 at 22:19 -0500, Jim Perrin wrote:
> On Jan 28, 2008 10:14 PM, Les Mikesell <lesmikesell at gmail.com> wrote:
> > Craig White wrote:
> > >>
> > >> We will work also with the Red Hat Security team and see if we can
> > >> isolate any issues that might be FIXABLE.
> > > ----
> > > doesn't this almost beg for upstream to make denyhosts a base install
> > > and automatically on, just as sshd is automatically on?
> >
> > I've always wondered why a program like sshd didn't rate-limit
> > connection attempts from day one. It's not exactly a new concept,
> > especially for a security-oriented program.
>
> It's a question of scale. For some systems, 30 people logging in is
> too many. For others, it's 3000. There is no 'right' default value. It
> should be (and is) left up to the admin and iptables.
----
conjecture aside, that doesn't stop us from submitting an RFE upstream.

Craig