Comment Re:Not sure about retaliation... (Score 1) 142
DenyHosts includes a PURGE_DENY option which allows you to specify how long blocks are kept for.
Spoofing shouldn't be an issue here. We're not talking about logging SYN packets but failed login attempts. An attacker can't perform those without being able to get packets back from the server and they can't do that if they are spoofing their address. Unless perhaps they are plugged into the same hub as the server but if that's the case you've likely got bigger problems to worry about.