On Tue, March 9, 2010 12:16 pm, Walter wrote:
> I don't understand how blocking an IP that has had
> a hundred failed login attempts in the last ten
> minutes could create a DoS hole...

I bet each firewall out there has an accompanying script to do this - it's a common problem. There was even something with it for DragonFly:

http://www.shiningsilence.com/dbsdlog/2005/03/04/984.html

Moving ssh to a nonstandard port (to keep your logs clear) and using keyfiles instead of passwords appears to be the best bet, at this point.
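
The rule quoted above (flag an address after a hundred failed logins in ten minutes), as an added example that is not part of the original message or of the script linked from it. It assumes OpenSSH's traditional syslog "Failed password" line format; the host name, user names and addresses in the sample are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds from the quoted message: 100 failures within 10 minutes.
THRESHOLD = 100
WINDOW = timedelta(minutes=10)

# OpenSSH "Failed password" line in traditional syslog format (no year).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def offenders(lines, year=2010, threshold=THRESHOLD, window=WINDOW):
    """Return {ip: time the threshold was first reached} for a log stream."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        q = recent[ip]
        q.append(ts)
        # Drop failures that have aged out of the sliding window.
        while ts - q[0] >= window:
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged

def sample_log():
    """Constructed sample: one noisy source, one user who mistyped twice."""
    start = datetime(2010, 3, 9, 12, 0, 0)
    fmt = "%b %d %H:%M:%S"
    out = []
    for i in range(120):  # one failure every 4 seconds for 8 minutes
        t = (start + timedelta(seconds=4 * i)).strftime(fmt)
        out.append(f"{t} host sshd[4242]: Failed password for invalid user admin from 192.0.2.10 port 40000 ssh2")
    for i in range(2):
        t = (start + timedelta(minutes=i)).strftime(fmt)
        out.append(f"{t} host sshd[4243]: Failed password for alice from 198.51.100.7 port 40001 ssh2")
    return out

if __name__ == "__main__":
    for ip, when in offenders(sample_log()).items():
        print(f"{ip} reached {THRESHOLD} failures at {when}; candidate for a block rule")
```

The function only reports addresses; turning a report into a firewall rule is left to whatever firewall is in use.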
