Christopher Hunter writes:

> A few months ago someone posted iptables rules using the "hitcount"
> module to limit the rate of new ssh connections (from an IP address).
> Does anyone use this? Does it work?
>
> Can someone repost the rules?

Attached is the script I started using after the brute force attempts
started.  Using it drastically reduced the number of bogus password
attempts.  Typically, any particular attempt would give up and
not restart after the block expired.  Now we disallow passwords
entirely on any publicly visible SSH server (and so should you) so
it's less useful.

Regards,
-Brett.
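
The attachment referred to above is not reproduced on this page. As an added example (not Brett's script), this is one common way to write a per-source limit on new SSH connections with the iptables `recent` match and `--hitcount`. The port, window, threshold, chain name and list name are assumed values.

```shell
#!/bin/sh
# Added example: per-source rate limit on new SSH connections using the
# iptables "recent" match. All names and numbers here are assumptions.

# Prints the iptables commands so they can be reviewed before being applied.
# usage: ssh_ratelimit_rules PORT WINDOW_SECONDS HITCOUNT
ssh_ratelimit_rules() {
    port=$1 window=$2 hits=$3
    chain=SSH_LIMIT   # hypothetical chain name
    list=ssh_new      # hypothetical name of the recent list

    # Accept only positive integers so nothing unexpected reaches iptables.
    for n in "$port" "$window" "$hits"; do
        case $n in
            ''|*[!0-9]*|0*) echo "invalid number: '$n'" >&2; return 1 ;;
        esac
    done

    echo "iptables -N $chain"
    # Only the first packet of each connection is counted; established
    # sessions never enter the chain.
    echo "iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j $chain"
    # Record this source address and a timestamp in the list.
    echo "iptables -A $chain -m recent --name $list --set"
    # Drop when this is the source's $hits-th (or later) new connection
    # within $window seconds. --update refreshes the timestamp on every
    # match, so a source that keeps retrying stays blocked until it has
    # been quiet for the whole window. Packets under the limit fall off
    # the end of the chain and return to INPUT for the normal policy.
    echo "iptables -A $chain -m recent --name $list --update --seconds $window --hitcount $hits -j DROP"
}

# Review:          ssh_ratelimit_rules 22 60 4
# Apply (as root): ssh_ratelimit_rules 22 60 4 | sh
```

With the values in the comment, the fourth new connection from one address inside 60 seconds is dropped, and the block lifts only after that address stops trying for a full minute.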