ssh brute force attacks 3206

buttuming you know my home machine's address and buttuming my filter is going to dumbly add that? Both buttumptions seem farfetched to me - and again, even if I did blindly let my software do that, I reset those temporary rules in the morning and review them.

I understand that (and said so earlier). That's why I do so only temporarily to block out an annoying pest for the evening. If they return another day or night, I may add them to a more permanent list but even that doesn't stay blocked forever, because that could deny someone who later gets that address and isn't a black hat.

I hate repeating things over and over but it seems to be necessary in today's Usenet because nobody bothers to read entire threads. So, the original statement I questioned was

"Blocking IPs because of failed logins is a nice way introducing DOS attacks against yourself. What if someone spoofs the IP?"

I do not see that. As you note, I may mistakenly block a legitimate IP, but as I have explained, it's only temporarily, and I'm not going to block myself out. In the case of someone else's ip, that's a DOS for them specifically and has nothing to do with "introducing DOS attacks against yourself".

And, again, the intent of this is to block out people who apparently are trying to break in. If the perpetrator's purpose is to tie up my machine's resources, they have numerous ways to do so, not all of which I can thwart, but blocking their ip certainly doesn't INCREASE their ability to DOS me.

So - I block out IP's of apparent break-in attempts. I do so until the next day automatically, and then review to decide if they need to go in a more permanent list, but even that is expired after some period of time. I feel this just adds to my security - why NOT put extra roadblocks in front of someone trying to break in? How is this "a nice way introducing DOS attacks against yourself" ?

-- Tony Lawrence