Date: Thu, 22 Jan 2009 10:18:32 -0600
Subject: Re: [gentoo-user] Re: Why isn't sshd blocking repeated failed login attempts?
From: Paul Hartman
To: gentoo-user@lists.gentoo.org

On Thu, Jan 22, 2009 at 10:06 AM, Nikos Chantziaras wrote:
> Paul Hartman wrote:
>>
>> On Wed, Jan 21, 2009 at 11:53 AM, Nikos Chantziaras
>> wrote:
>>>
>>> Can you check the logs to see the timespan in which those hundreds of
>>> attempts took place? Also, what's the time interval Denyhosts checks for
>>> login attempts?
>>
>> The most recently denied host from this afternoon made over 200 login
>> attempts in a span of 17 minutes before denyhosts caught it. In my
>> denyhosts.conf I have these:
>>
>> DENY_THRESHOLD_INVALID = 3
>> DENY_THRESHOLD_VALID = 3
>> DENY_THRESHOLD_ROOT = 1
>> DENY_THRESHOLD_RESTRICTED = 1
>
> What is the value of DAEMON_SLEEP?

#######################################################################
#
# DAEMON_SLEEP: when DenyHosts is run in daemon mode (--daemon flag)
# this is the amount of time DenyHosts will sleep between polling
# the SECURE_LOG. See the comments in the PURGE_DENY section (above)
# for details on specifying this value or for complete details
# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
#
#
DAEMON_SLEEP = 30s
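
Added example, not part of the original message and not DenyHosts code: one way to check from the sshd log itself how far past the quoted thresholds a host got, by finding when each host exceeded a threshold and counting failures logged more than one DAEMON_SLEEP later. The log lines are constructed, and the function name, the per-category counting and the "count exceeds threshold" reading are assumptions of this sketch.

```python
import re
from datetime import datetime, timedelta

# Values quoted in the thread; this sketch counts per host and per category.
THRESHOLDS = {"invalid": 3, "valid": 3, "root": 1}
DAEMON_SLEEP = timedelta(seconds=30)

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (invalid user )?(\S+) from (\S+)")

# Constructed sample in sshd's syslog format (documentation address ranges).
SAMPLE_LOG = """\
Jan 21 14:00:00 box sshd[900]: Failed password for invalid user admin from 192.0.2.10 port 4001 ssh2
Jan 21 14:00:05 box sshd[901]: Failed password for invalid user test from 192.0.2.10 port 4002 ssh2
Jan 21 14:00:10 box sshd[902]: Failed password for invalid user guest from 192.0.2.10 port 4003 ssh2
Jan 21 14:00:15 box sshd[903]: Failed password for invalid user oracle from 192.0.2.10 port 4004 ssh2
Jan 21 14:00:40 box sshd[904]: Failed password for invalid user ftp from 192.0.2.10 port 4005 ssh2
Jan 21 14:01:00 box sshd[905]: Failed password for root from 198.51.100.7 port 5001 ssh2
Jan 21 14:01:02 box sshd[906]: Failed password for root from 198.51.100.7 port 5002 ssh2
Jan 21 14:05:00 box sshd[907]: Failed password for invalid user web from 192.0.2.10 port 4006 ssh2
Jan 21 14:17:00 box sshd[908]: Failed password for invalid user www from 192.0.2.10 port 4007 ssh2
"""

def detection_lag(lines, year=2009):
    """Per host: when a threshold was exceeded, and how many failures were
    logged more than one full DAEMON_SLEEP after that moment."""
    counts, report = {}, {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        stamp, invalid, user, host = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        kind = "invalid" if invalid else "root" if user == "root" else "valid"
        counts[host, kind] = counts.get((host, kind), 0) + 1
        entry = report.get(host)
        if entry is None:
            # Assumption: a threshold is crossed when the count exceeds it.
            if counts[host, kind] > THRESHOLDS[kind]:
                report[host] = {"crossed_at": when, "late_failures": 0}
        elif when > entry["crossed_at"] + DAEMON_SLEEP:
            entry["late_failures"] += 1
    return report
```

A nonzero `late_failures` for a host means it was still reaching sshd after at least one polling interval had passed since it exceeded a threshold.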