09-07-2004
Bill Unruh

Re: Automatic blocking of attackers' IP

"FEEB" <feeb@chem.utoronto.ca> writes:

]On 7 Sep 2004 16:56:58 GMT, Mark A. Odell wrote:

]>"FEEB" <feeb@chem.utoronto.ca> wrote in
]>news:srropurzhgbebagbpn.i3ohdhe.pminews@news1.chem.utoronto.ca:
]>
]>>>> I would like to have the following scenario implemented on my network:
]>>>>
]>>>> 1.
]>>>> Someone tries repeatedly and illegally to log in as 'admin', 'root' or
]>>>> whatever from some IP using SSH (or any other means).
]>>>
]>>>Why not just set hosts.deny to ALL: ALL and then open up only those IPs or
]>>>domains you wish to allow in hosts.allow?
]>>
]>> We must be open to anyone. That's our business :-)
]>>
]>> We must be open to anyone. That's our business :-)
]>
]>Ah. Then just put the bad IP or IP range into the hosts.deny. Of course
]>this won't scale well for many IP addresses.

]It would be quite inconvenient in our case of 4 full C-blocks.

What? You have four full C blocks all of which you want to deny? (actually
that is easy, since you can put nets into hosts.deny, not just host
addresses). I think you need to make clearer what you want to do and why
you want to do it.


]The mechanism of blocking the intruder is available. However, I want to
]do it automatically and only after the certain trigger level has been

Again, why?
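An added example, not part of the original post or thread: one way to turn the scenario discussed above (block a source only after a trigger level of failed SSH logins) into hosts.deny entries, using a net entry when several offenders share a C block. The log lines are constructed, and the function name, the thresholds and the `sshd` daemon name in the output are assumptions.

```python
import re
from collections import Counter, defaultdict

def _fail(ip, user):
    # Constructed line modelled on OpenSSH's "Failed password" message.
    return f"Sep  7 12:00:00 host sshd[101]: Failed password for {user} from {ip} port 4001 ssh2"

# Constructed sample log: three sources over the trigger, one under it,
# and one successful login that must be ignored.
SAMPLE_LOG = "\n".join(
    [_fail("192.0.2.10", u) for u in ("root", "admin", "illegal user test")]
    + [_fail("198.51.100.5", "root")] * 3
    + [_fail("198.51.100.9", "invalid user admin")] * 3
    + [_fail("203.0.113.7", "root")] * 2
    + ["Sep  7 12:00:09 host sshd[102]: Accepted password for alice from 203.0.113.7 port 4002 ssh2"]
)

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?\S+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) "
)

def deny_entries(log_text, trigger=3, net_hosts=2):
    """Return hosts.deny lines for sources with >= trigger failed logins.

    If net_hosts or more offenders fall in the same C block (/24), one net
    entry is emitted instead of per-host entries. In hosts.deny a pattern
    ending in '.' matches every address that starts with those fields.
    """
    failures = Counter(m.group(1) for m in FAILED.finditer(log_text))
    offenders = sorted(ip for ip, n in failures.items() if n >= trigger)

    by_net = defaultdict(list)
    for ip in offenders:
        by_net[ip.rsplit(".", 1)[0]].append(ip)

    entries = []
    for prefix, ips in sorted(by_net.items()):
        if len(ips) >= net_hosts:
            entries.append(f"sshd: {prefix}.")      # whole C block
        else:
            entries.extend(f"sshd: {ip}" for ip in ips)
    return entries

if __name__ == "__main__":
    print("\n".join(deny_entries(SAMPLE_LOG)))
```

Collapsing to a net entry also denies every other host in that C block, so `net_hosts` should be set with that trade-off in mind.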