Posted by ajt on Thu 22 Sep 2005 at 12:30
As everyone knows there are a lot of script kiddies out there, running port scanners and SSH dictionary attack tools. Assuming you have proper SSH configuration, this isn't a problem, but it is a nuisance as it clogs up the logs.
In this article Protecting Linux against automated attackers, Ryan Twomey suggests some tools for automatically blacklisting an IP based on failed login attempts.
Which tools have people found useful, and actually worth using?
I already read the suggestion here Using iptables to rate-limit incoming connections and Keeping SSH access secure.
This article can be found online at the Debian Administration website at the following bookmarkable URL (along with associated comments):
This article is copyright 2005 ajt - please ask for permission to republish or translate.