Re: SSH IP Blocking

From: James Riden (
Date: 04/18/02

From: James Riden <>
Date: 18 Apr 2002 17:04:42 +0100

Tim Haynes <> writes:

> You're going to get *FAR* more one-port single-SYN scans, or occasional
> SYN+FIN scans, and never hear from the IP# again. Unless you *really* know
> better, I suggest you're going to waste your firewall rules on folks who're
> never coming back - do let me know if you get anything like >1% repeat
> offenders, right?

If you don't mind blocks instead of individual IPs, t-online and
wanadoo are far above 1%.

James Riden /
My opinions are my own, not the University's.
"When in Rome; burn it." -- GCU Arbitrary