> I previously used denyhosts - but (I can't remember why) it became
> preferable to block with IPtables rather than with tcpwrappers... which
> prompted me to dump it in favour of a bespoke script based upon
> blacklist.py (http://blinkeye.ch/mediawiki/index.php/SSH_Blocking) -
> though, now, I'm tempted by the more professional looking sshguard -
> thanks for the tip. Of course, this doesn't really address the problem
> I posted about - because I'm now faced with a highly distributed
> dictionary attack...

Fail2ban is iptables based. From the website it now appears to have a map feature, so if, say, you notice most of the attacks coming from China, and none of your ssh users are in China, you could perhaps block the entire country with http://people.netfilter.org/~peejix/geoip/howto/geoip-HOWTO.html