On December 3, 2008, Steve wrote:
> Dmitry S. Makovey wrote:
>
> >> Erm - surely I either need to set up my client to port-knock... which
> >> is a faff I'd rather avoid... in order to use the technique.
> >
> > nope. just start connection. wait a minute. cancel. start another one.
> > wait a minute. cancel. start new one - voila! :)
>
> Eeew... especially as this would apply to all connections - even the
> ones where I have a DSA key. I might be able to cope with this if it
> only applied to my initial connection, from which I could grab a copy of
> the DSA key.

Ok, let's theoreticise some more. My paranoia feels particularly frisky today, so here it is: remember, I've mentioned originally that once you authenticate successfully once with DSA key - your IP is whitelisted. So subsequent connections go right through.

> > well. Nobody but you knows your requirements and specifics - we're just
> > listing options. It's up to you to either take 'em or leave 'em ;)
>
> Fair enough - but I've still not found an option for sharing/using
> shared block lists for bot-nets.

Open a Wiki page on Wikipedia, update it every so often and provide simple parser for it so others can recycle same IPs. Since it's a Wiki page - others can update it as well (including botnet owners, but then they'd have to reveal themselves - tricky situation) :)

P.S. I think I'd better stop with my mad science projects here before I go too far and invent brand new theory on host protection ;)

-- 
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245
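The "authenticate once with a key, then your IP is whitelisted" idea from the thread, as an added example (not code from the list or from any of the posters): it scans constructed sshd auth-log lines in the standard "Accepted publickey ... from IP" / "Failed ... from IP" format, builds the allow-list from successful key logins, counts failures only for addresses not on that list, and renders (but does not run) the matching iptables rules. The log lines, addresses and the failure threshold are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample sshd log lines (TEST-NET addresses), not taken from the thread.
SAMPLE_AUTH_LOG = """\
Dec  3 10:01:12 host sshd[2101]: Failed password for root from 198.51.100.7 port 40122 ssh2
Dec  3 10:01:15 host sshd[2101]: Failed password for root from 198.51.100.7 port 40123 ssh2
Dec  3 10:02:40 host sshd[2105]: Accepted publickey for dmitry from 192.0.2.10 port 51234 ssh2
Dec  3 10:03:02 host sshd[2109]: Accepted password for steve from 203.0.113.5 port 51240 ssh2
Dec  3 10:04:11 host sshd[2112]: Failed publickey for dmitry from 203.0.113.9 port 51300 ssh2
"""

# Standard sshd wording: "Accepted <method> for <user> from <ip> port <n> ssh2"
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\d+\.\d+\.\d+\.\d+) port")
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed \w+ for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port")


def whitelist_from_log(lines, methods=("publickey",)):
    """Return the set of source IPs that completed a login with an allowed method."""
    allowed = set()
    for line in lines:
        m = ACCEPTED_RE.search(line)
        if m and m.group(1) in methods:
            allowed.add(m.group(3))
    return allowed


def failures_by_ip(lines, allowed):
    """Count failed logins per IP, skipping addresses already on the allow-list."""
    counts = Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if m and m.group(1) not in allowed:
            counts[m.group(1)] += 1
    return counts


def iptables_rules(allowed, blocked):
    """Render allow-before-drop rules as strings; nothing is executed here."""
    rules = [f"iptables -A INPUT -s {ip} -p tcp --dport 22 -j ACCEPT" for ip in sorted(allowed)]
    rules += [f"iptables -A INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in sorted(blocked)]
    return rules


if __name__ == "__main__":
    lines = SAMPLE_AUTH_LOG.splitlines()
    allowed = whitelist_from_log(lines)
    fails = failures_by_ip(lines, allowed)
    blocked = {ip for ip, n in fails.items() if n >= 2}  # assumed threshold
    print("\n".join(iptables_rules(allowed, blocked)))
```

Password logins are deliberately excluded from the allow-list by default, so a guessed password alone never earns an address a bypass of the knock sequence.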