might be for you.


> -----Original Message-----
> From: Zembower, Kevin []
> Sent: 28. mars 2006 16:13
> To:
> Subject: Advice on dealing with scripted SSH attacks?
> What's the current advice on dealing with scripts that
> repeatedly try to log onto SSH using a list of common
> usernames and 'password' for the password? I get up to 4,000
> of these a day from a single server. In searching Google on
> this, I've learned of techniques using PAM and firewall rules
> that are created dynamically in response to log-in attempts.
> Can someone point out a link or tell me what they think are
> the best practices for dealing with this? Sooner or later,
> one of my users is going to have the unfortunate combination
> of a common user name and a bad password.
> Ideally, what I'd like would be a system that exponentially
> increases the timeout period after each repeated failed login
> attempt from the same host up to a maximum of 10-20 minutes
> before resetting.
> Thanks for your advice.
> -Kevin Zembower