Just one possibly silly question. Why are you working so hard to do this with complex scripts and stuff?
I just wrote a little C snippet that runs on the firewall. All servers allowing external ssh send a copy of ssh auth to a port on the firewall. If it detects a brute force it adds the host to the block list and everything from that host is silently dropped. Added a whitelist function to avoid DoS attempts. Works perfectly, and adds community service by letting the trawlers hang until they time out.

--
// hdw

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
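The detection step described in the message above, as an added example that is not the poster's code: it counts sshd "Failed password" lines per source address inside a time window, skips whitelisted addresses, and reports when a host should go on the block list. The log line format, the threshold and window values, the whitelist entry and all function names are assumptions made for this example.

```c
#include <string.h>
#include <time.h>

#define MAX_HOSTS 256
#define THRESHOLD 5   /* assumed: failures allowed per window before blocking */
#define WINDOW    60  /* assumed: window length in seconds */

struct host { char ip[46]; int fails; time_t first; int blocked; };
static struct host hosts[MAX_HOSTS];
static int nhosts;
static const char *whitelist[] = { "192.0.2.10", NULL }; /* constructed entry */

static int whitelisted(const char *ip) {
    for (int i = 0; whitelist[i]; i++)
        if (strcmp(whitelist[i], ip) == 0) return 1;
    return 0;
}

/* Pull the source address out of an sshd failure line. The LAST " from " is
 * used because the user name is remote-controlled and may itself contain one. */
static int parse_failure(const char *line, char *ip, size_t len) {
    const char *p = NULL, *q = line;
    if (!strstr(line, "Failed password")) return 0;
    while ((q = strstr(q, " from ")) != NULL) { p = q + 6; q = p; }
    if (!p) return 0;
    size_t n = strcspn(p, " \n");
    if (n == 0 || n >= len) return 0;
    memcpy(ip, p, n); ip[n] = '\0';
    return 1;
}

/* Feed one forwarded auth line; returns 1 if its source is (now) blocked. */
int observe(const char *line, time_t now) {
    char ip[46];
    struct host *h = NULL;
    if (!parse_failure(line, ip, sizeof ip) || whitelisted(ip)) return 0;
    for (int i = 0; i < nhosts; i++)
        if (strcmp(hosts[i].ip, ip) == 0) { h = &hosts[i]; break; }
    if (!h) {
        if (nhosts == MAX_HOSTS) return 0;  /* table full: do not block blindly */
        h = &hosts[nhosts++];
        strcpy(h->ip, ip); h->fails = 0; h->first = now; h->blocked = 0;
    }
    if (h->blocked) return 1;
    if (now - h->first > WINDOW) { h->fails = 0; h->first = now; }
    if (++h->fails >= THRESHOLD) h->blocked = 1;  /* add the drop rule here */
    return h->blocked;
}
```

Taking the last " from " keeps a crafted user name from getting an unrelated address blocked, which is the same denial-of-service concern the whitelist addresses.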
