Dennis McLeod wrote: > They basically detect port > >> scans and add a firewall rule to temporarily block that ip. >> Does anyone know what tool that is? >> >> Also disabling remote login as root should help. >> >> Russ >> > > > Fail2ban, is what you are looking for, I think.... > > http://www.fail2ban.org/wiki/index.php/Main_Page > > Dennis > > ____________________________________________ > Sweet, actually this looks more like what I wanted, but rackspace said wasn't available. This bans the ips if there are a lot of password failures. There is also another tool which bans ips for port scans. I think it's been discontinued, but perhaps there is another one out there? Russ