I haven't used portsentry for a number of years. I remember it doing a very good job at automatically blocking IPs of hosts trying to crack passwords and so on.
I know that basic common sense will prevent 99.9% of hack attempts from doing any damage, but I recently forgot to configure my firewall correctly and got my mysql server hacked. It was a M$ hack, so no harm was done, but It made me realize that I don't always apply common sense
I now only have 3 ports open on my box, only one of which I'm concerned about. Nonetheless, I want to head off attacks with an aggressive access denial policy based on stuff like failed logins and other stuff.
My heart was filled with sadness as I went to the old portsentry site and found that Cisco now owns the domain. I made a cursory attempt to locate portsentry, but I'm sure Cisco probably just wanted their web traffic (or felt they were a threat) and killed off all their products.
What are folks using these days for automatic host blocking via hosts.deny or equiv?
I've seen mentioned something called Guardian, but I wanted to know what other folks are using. Of course, LQ is the only place to go for such information
Thanks in advance
