On Dec 7, 2011, at 4:49 AM, Johnny Hughes wrote: >> There is also use of denyhosts and fail2ban. They allow only few >> attempts from one IP, and all users can share attacking IP's (default is >> every 30 min) so you are automatically protected from known attacking >> IP's. Any downside on this protection? > > No downside, and they do work. ---- I am a true believer and use denyhosts everywhere but to say there is no downside, that's not entirely true - I had a co-worker who was dyslexic, and you would be surprised how often he locked himself out ;-) Honestly, I don't know how he got a college degree in CIS being as dyslexic as he was. Craig