From: Jim S. <jse...@Li...> - 2021-05-05 22:24:04
On Wed, 5 May 2021 14:08:20 -0700
Kevin Zheng <kev...@gm...> wrote:

[snip]
>
> SSHGuard assumes that nobody else is changing the firewall rules
> under its control while it is running.

That seems to me a reasonable assumption on the service's part.

> Under this assumption, it
> should not be possible for an attacker who is blacklisted to show
> up again. If this does happen, SSHGuard's current behavior is to
> warn about it without re-blocking the attacker.
>
> Perhaps this behavior should change.

I don't think so.

>
[snip]
> As you point out, all of this can only
> happen when SSHGuard blacklists an attacker while it's running (not
> loaded from the blacklist) and the administrator changes the
> firewall rules under SSHGuard's control while it is running.
>
> What should the correct behavior be?

Perhaps I'm confused, but how can an application be expected to
compensate for somebody or something yanking the rug out from under it
behind the scenes?

Mind you: I'm still using a very old version of sshguard. It's quite
possible I'm missing something key in this discussion. (E.g.: What is
this "blacklist" and what is a "hell list?" I looked through my
sshguard mail archive and the on-line release notes. Came up bupkis.)
If I'm out-of-line, please accept my apologies.

Regards,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.