From owner-freebsd-questions@FreeBSD.ORG  Sun Mar 19 01:24:44 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EF5B316A401
	for <freebsd-questions@freebsd.org>;
	Sun, 19 Mar 2006 01:24:44 +0000 (UTC)
	(envelope-from chris@chrismaness.com)
Received: from ylpvm43.prodigy.net (ylpvm43-ext.prodigy.net [207.115.57.74])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5BC6343D53
	for <freebsd-questions@freebsd.org>;
	Sun, 19 Mar 2006 01:24:44 +0000 (GMT)
	(envelope-from chris@chrismaness.com)
Received: from pimout7-ext.prodigy.net (pimout7-int.prodigy.net
	[207.115.4.147])
	by ylpvm43.prodigy.net (8.12.10 outbound/8.12.10) with ESMTP id
	k2J1OkBd029978
	for <freebsd-questions@freebsd.org>; Sat, 18 Mar 2006 20:24:47 -0500
X-ORBL: [69.108.92.143]
Received: from [127.0.0.1] (adsl-69-108-92-143.dsl.irvnca.pacbell.net
	[69.108.92.143])
	by pimout7-ext.prodigy.net (8.13.4 outbound domainkey aix/8.13.4) with
	ESMTP id k2J1ObPo152272; Sat, 18 Mar 2006 20:24:42 -0500
Message-ID: <441CB2D8.3090707@chrismaness.com>
Date: Sat, 18 Mar 2006 17:24:40 -0800
From: Chris Maness <chris@chrismaness.com>
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: Kris Kennaway <kris@obsecurity.org>
References: <441CA1F9.20301@chrismaness.com>
	<20060319004947.GA65074@xor.obsecurity.org>
In-Reply-To: <20060319004947.GA65074@xor.obsecurity.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
Subject: Re: hosts.allow ?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Mar 2006 01:24:45 -0000

Kris Kennaway wrote:
> On Sat, Mar 18, 2006 at 04:12:41PM -0800, Chris Maness wrote:
>   
>> My denyhost script is doing it's job by adding:
>>
>> sshd: 62.149.232.105 : deny
>>
>> to the hosts.allow file, but I see that this host is still making 
>> attempts to get into my box.
>>     
>
> Where do you see this (i.e. logged by what)?  hosts.allow doesn't
> block the IP from connecting to the port, it blocks the application
> that listens on the port from allowing this IP to authenticate.
> e.g. your firewall may still log the connection.
>
>   
p.s. I tried a test from another one of my host by adding a line just 
like the one above and it still allows me to login.