On 11 Nov 2019, at 12:01, Conrad Wood <cnw@conradwood.net> wrote:

On Mon, 2019-11-11 at 11:54 +0000, Chris Smith wrote:

It occurs to me though that these mechanisms would be an obvious
vector for a DoS attack, by maliciously blacklisting harmless IP
blocks.  I don’t know what measures (if any) denyhosts has taken to
prevent that.


I should have mentioned that I do use some community lists too. The
main point though I was attempting to convey was that I would consider
it beneficial if the blocking was done on a router upstream from the
VPS rather than on the VPS itself.

Then my point is perhaps even more valid, and also raises questions about unwanted censorship.  How would I opt out if I needed to?  Perhaps I want to analyse such traffic, or use it to test my own protection software.  One man’s scat is another man’s fetish.  This seems to me far too problematic for what little benefit there is.

Chris

Chris Smith <space.dandy@icloud.com>