Posted by ajt on Thu 22 Sep 2005 at 12:30
As everyone knows there are a lot of script kiddies out there, running port scanners and SSH dictionary attack tools. Assuming you have proper SSH configuration, this isn't a problem, but it is a nuisance as it clogs up the logs.
In this article Protecting Linux against automated attackers, Ryan Twomey suggests some tools for automatically blacklisting an IP based on failed login attempts.
Which tools have people found useful, and actually worth using?