-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2005-12-26 at 13:14 +0100, steve wrote:
Sorry to jump in late on this thread but doesn't the OP simply need an entry in /etc/hosts.deny for the IP he wants to block?
ALL:the.ip.of.hacker or maybe: sshd:the.ip.of.hacker
If it is only one, yes. But, if the hacker is intent on hacking you, he will switch to another IP. If not, there are many more "script kiddies" out there who will try. So, you need a dynamic or automated tool. I know of one at least that edits that file, and removes the entries after a configurable delay - login_sentry, http://www.lumiere.net/~j/login_sentry/ I think I prefer the firewall way, as the connection attempt can be simply dropped. Less traffic at our side. Also, it seems to me the automation is easier and robust, it works at the kernel level. Programs like login_sentry work scanning the logs, I understand. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFDsEd5tTMYHG2NR9URArxIAKCXuQ3w1EgS7EO/upaW2y8diA1ZJACfa58/ dZSGNXYJ6EDxeG59pUpFsAk= =JwvB -----END PGP SIGNATURE-----