It's not a big issue, but I'm wondering if there is a DNSBl that lists
IPs that are engaging in brute force ssh attacks. And if there is
such a list, is there a way to integrate that information into a
firewall or sshd.
As I've said this really isn't a big issue for me, as the brute force
attempts at sshd are nothing but an annoyance as I review logs.
The attacks that I'm seeing appear to be coordinated and distributed.
That is, there will be one attempt on username "fred" from one IP
immediately followed by an attempt on "freddy" from another IP
followed by an attempt on "fredrick" from a third source and so on.
Jeffrey Goldberg http://www.goldmark.org/jeff/