How about /etc/hosts.deny and /etc/hosts.allow.
I keep telling you to ignore them. If you still want to use tcp wrappers, look for other options; they'll be better in the long run... though tcp_wrappers adds yet another layer of control, it might be too much for you to handle.
Knight is proof of at least 500K SSHD connects like that.
If you really want to do something about it or don't want to be bothered by the log entries, change logging levels on SSHD and PAM...
Or do something smart like looking at using KNOCKD.
[greg@king:~]$ apt-cache show knockd
Package: knockd
Priority: optional
Section: net
Installed-Size: 168
Maintainer: Leo Costela <costela@debian.org>
Architecture: i386
Version: 0.5-1
Depends: libc6 (>= 2.3.2.ds1-21), libpcap0.8, logrotate
Filename: pool/main/k/knockd/knockd_0.5-1_i386.deb
Size: 25382
MD5sum: 45cf0ccba2f9130656b2b91bdeed6c53
Description: small port-knock daemon
 A port-knock server that listens to all traffic on a given network
 interface (only Ethernet and PPP are currently supported), looking for
 a special "knock" sequences of port-hits. A remote system
 makes these port-hits by sending a TCP (or UDP) packet to a port on the
 server. When the server detects a specific sequence of port-hits, it
 runs a command defined in its configuration file. This can be used to
 open up holes in a firewall for quick access.
 .
 URL: http://www.zeroflux.org/knock/
Tag: interface::daemon, protocol::ethernet, role::sw:server
There are other apps that do similar, including opening certain ports for services for a short time to allow whatever service and then closing.
FYI Fecking Comcast is sending out a technician to my house to fix my cable modem. Last time they were here, they found that nothing was wrong, in fact they found less than 1db signal loss from the lines on the pole to the cable modem itself. AND, they tested from the Lines on the pole to the DOCSIS router and it had WONDERFUL signal strength, almost "too much". But for DOCSIS, ain't no such thing.
I have noticed they finally are getting around to enforcing authorized/not-authorized firmware on cable modems. Updating automagically with a Certificate signature from the Cable Modem Manufacturer. This is causing lots of issues. Framing Errors, Sync problems, Timing problems, TFTP and DHCP problems, among other things.
I am betting that the tech won't find a damn thing wrong with my stuff YET AGAIN!
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
Freedom is not FREE.
Yeah, but 10s of Trillions of US Dollars?
SELECT * FROM scog WHERE ethics > 0;
0 rows returned.
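
The knockd description quoted in the post above (a sequence of port-hits that opens a firewall hole for a short time) can be modelled as a small per-source state machine. This is an added example, not part of the original post and not knockd's own code; the class name, ports, timeouts, addresses and the reset-on-wrong-port policy are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class KnockTracker:
    """Simplified model of port-knock sequence tracking (not knockd's code)."""
    sequence: tuple      # ordered knock ports (constructed sample values below)
    seq_timeout: float   # seconds allowed to finish the whole sequence
    open_for: float      # seconds the service stays reachable after a good knock
    progress: dict = field(default_factory=dict)    # src -> (next index, start time)
    open_until: dict = field(default_factory=dict)  # src -> expiry time

    def hit(self, src, port, now):
        """Record one port-hit; return True when it completes the sequence."""
        idx, started = self.progress.get(src, (0, now))
        if idx and now - started > self.seq_timeout:
            idx = 0                      # too slow: the attempt expires
        if idx == 0:
            started = now
        if port == self.sequence[idx]:
            idx += 1
        else:
            # Assumed policy: any out-of-order hit resets the attempt, though
            # the hit may itself be the first knock of a new attempt.
            idx, started = (1, now) if port == self.sequence[0] else (0, now)
        if idx == len(self.sequence):
            self.progress.pop(src, None)
            self.open_until[src] = now + self.open_for  # firewall rule would be added here
            return True
        self.progress[src] = (idx, started)
        return False

    def allowed(self, src, now):
        """True while the time-limited hole for this source is still open."""
        return now < self.open_until.get(src, 0.0)

def replay(tracker, events):
    """Feed (time, src, port) events; return the sources that completed the knock."""
    return [src for t, src, port in events if tracker.hit(src, port, t)]

# Constructed sample traffic (documentation addresses, made-up ports).
EVENTS = [
    (0.0, "198.51.100.7", 7000), (1.0, "198.51.100.7", 8000), (2.0, "198.51.100.7", 9000),
    (0.5, "203.0.113.9", 7000), (0.6, "203.0.113.9", 7001), (0.7, "203.0.113.9", 8000),
    (0.8, "203.0.113.9", 9000),  # sequential scan: hits the ports but never in order
    (0.0, "192.0.2.44", 7000), (3.0, "192.0.2.44", 8000), (6.0, "192.0.2.44", 9000),  # too slow
]

if __name__ == "__main__":
    tracker = KnockTracker(sequence=(7000, 8000, 9000), seq_timeout=5.0, open_for=10.0)
    print(replay(tracker, EVENTS))
```

Only the source that sends the exact sequence inside the timeout gets a hole, and that hole expires on its own, which is why a scanner walking the port range produces no open SSH port to log against.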