>> I know you don't think so (yet) but that is a very bad idea. It
>> enables a denial of service attack. A valid user can be locked out by
>> an attacker. That is bad.
You’re absolutely right; unfortunately, I’m attempting to bring old systems in line with unbending corporate security policy until such time as we can upgrade them to Lenny, or at this point more likely Squeeze. Do you know of any mirrors that would still have fail2ban for Etch?