Comment Simplest, bestest (Score 1) 497
deadmongrel and PhunkySchtuff have really answered your question the best of all.
I can't add much to it except for these comments. DenyHosts works great and we use a threshold of 1 failure on unknown logins and only 3 failures on known logins. It takes attention to detail as a remote user but it really works well. We set the thing to completely shut out someone who pulls that SSH crap on us, assuming that they are a bad guy. By extension, we use our firewall to log things that shouldn't be happening and tell us about the source IP. Again we assume they are bad guys (or gurls) and simply shut em out forever. Same thing goes for POP3 scans, etc. Hey, there are only a few billion possibilities (in IPv4), knock em down and coordinate your data with others to save them time.
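The two thresholds described in the comment above (1 failure on unknown logins, 3 on known logins), applied to sshd log lines. This is an added example, not part of the original comment and not DenyHosts' own code; the function name, the allowlist parameter and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Thresholds taken from the comment: 1 failure for unknown logins, 3 for known ones.
THRESHOLD_UNKNOWN = 1
THRESHOLD_KNOWN = 3

# OpenSSH marks accounts that do not exist with "invalid user".
FAILED = re.compile(
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Constructed sample lines in sshd auth-log format (documentation IP ranges).
SAMPLE_LOG = """\
Jan 10 03:12:01 host sshd[811]: Failed password for invalid user oracle from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:09 host sshd[815]: Failed password for alice from 198.51.100.9 port 51820 ssh2
Jan 10 03:12:15 host sshd[815]: Failed password for alice from 198.51.100.9 port 51820 ssh2
Jan 10 03:13:40 host sshd[822]: Accepted password for alice from 198.51.100.9 port 51844 ssh2
Jan 10 03:20:02 host sshd[901]: Failed password for bob from 192.0.2.44 port 33010 ssh2
Jan 10 03:20:05 host sshd[901]: Failed password for bob from 192.0.2.44 port 33010 ssh2
Jan 10 03:20:09 host sshd[901]: Failed password for bob from 192.0.2.44 port 33010 ssh2
"""

def hosts_to_deny(log_text, allowlist=()):
    """Return {ip: reason} for every source that reached either threshold.

    allowlist is a hypothetical safeguard: with a threshold this strict,
    a remote admin's own address is one typo away from a permanent block.
    """
    unknown, known = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m or m["ip"] in allowlist:
            continue
        (unknown if m["invalid"] else known)[m["ip"]] += 1
    denied = {}
    for ip, n in known.items():
        if n >= THRESHOLD_KNOWN:
            denied[ip] = f"{n} failures on known logins"
    for ip, n in unknown.items():
        if n >= THRESHOLD_UNKNOWN:
            denied[ip] = f"{n} failures on unknown logins"
    return denied

if __name__ == "__main__":
    for ip, reason in hosts_to_deny(SAMPLE_LOG).items():
        print(f"sshd: {ip}  # {reason}")  # hosts.deny-style entry
```

The source with two failures on a known account stays unblocked, while a single attempt on a nonexistent account is enough to deny its source.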