I quite like blockhosts approach ... the neat thing is
that it gets launched whenever an ssh connection is
attempted, scans the file(s) you configured and blocks
the IP using the tcp wrappers, that is it edits your
/etc/hosts.allow (.deny - whatever makes your skirt
rise). You can (to avoid blocking a million hosts in
the end) set an expiration - by default a host will be
blocked for 12 hours. Very clever. :}
Cheers,
Tink
|