For the /etc/hosts.deny question, it seems to be badly formatted. Can you put the text from that file in a post? /etc/hosts.deny denies access to the machine remotely based on rule-settings such as the following:

ALL: ALL EXCEPT 127.0.0.1, <your_outside_ip_here, preferably static>

This will still allow a 'connection' but then it'll be closed but localhost (loopback) and the other allowed IP will be able to get in.

Another thing to make sure of, which I'm pretty sure is already the case, is to make sure TCP Wrappers are installed. TCP Wrappers was made by Wietse Venema and is kickass for ensuring the service that's being connected to. Go
here for more information.

As for sshd receiving a SIGTERM (signal 15) and bailing, I'm not sure given the info if that's because of an internal error or because of an outside attack. SSH by default install is pretty stable provided the binary was configured correctly for your machine/OS.

Another measure to take is to find out if you have a banner set for telnet. On RH, you have /etc/issue and /etc/issue.net. Do the following:

# cd /etc/rc.d
# vi rc.local (go down to the /etc/issue part)


In rc.local make sure that something other than the usual uname information is going into /etc/issue.net and /etc/issue. This way, you'll have a notice instead of critical information about your machine. I usually put something like "Welcome to MS-DOS 1.0" or something else...

Now only if I remembered where wu-ftp's information is so they can't find out what kind you use, although if they get in as anonymous, they can run SYST to find out...blah.