On Tue, Aug 10, 2010 at 07:12:59PM -0400, Bob Hoffman wrote:
> I have a server sitting right on the net and the constant barrage of 100s of
> IPs trying thousands of times at port 22 is insane.

You're quite sane. Anyone likely to hit your ssh at its new port is likely to try port 22 first. So if they show up there first, blocking them is good - unless you have legitimate users who may forget to go to your special port and so get locked out after trying the default port first.

There are several packages that integrate port scanning detection with iptables rule generation. One such is here:

http://cipherdyne.org/psad/

- Whit
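
An added sketch of the idea in the message above (not part of the original post and not psad's code): count TCP hits on the vacated port 22 in netfilter LOG lines and emit DROP rules, skipping an allowlist for legitimate users who forget the new port. The `OLDSSH` log prefix, the allowlist, the threshold and the sample lines are assumptions made up for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of netfilter LOG-target lines (documentation addresses only).
SAMPLE_LOG = """\
Aug 10 19:01:02 host kernel: OLDSSH IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51234 DPT=22 SYN
Aug 10 19:01:03 host kernel: OLDSSH IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51235 DPT=22 SYN
Aug 10 19:01:04 host kernel: OLDSSH IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51236 DPT=22 SYN
Aug 10 19:02:10 host kernel: OLDSSH IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40000 DPT=22 SYN
Aug 10 19:02:11 host kernel: OLDSSH IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40001 DPT=22 SYN
Aug 10 19:02:12 host kernel: OLDSSH IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40002 DPT=22 SYN
Aug 10 19:03:00 host kernel: OLDSSH IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40100 DPT=22 SYN
Aug 10 19:03:30 host kernel: OLDSSH IN=eth0 OUT= SRC=203.0.113.77 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40100 DPT=443 SYN
"""

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def old_port_hits(log_text, port=22):
    """Count TCP connection attempts per source address to the vacated port."""
    hits = Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != str(port):
            continue
        try:
            # Parsing SRC as an address keeps junk out of the generated rules.
            hits[ipaddress.ip_address(f["SRC"])] += 1
        except (KeyError, ValueError):
            continue  # malformed or truncated line
    return hits

def block_rules(hits, allow=(), threshold=3):
    """Emit one DROP rule per source at or over threshold, unless allowlisted."""
    nets = [ipaddress.ip_network(n) for n in allow]
    rules = []
    for ip, count in sorted(hits.items(), key=lambda kv: (kv[0].version, int(kv[0]))):
        if count < threshold or any(ip in net for net in nets):
            continue
        cmd = "iptables" if ip.version == 4 else "ip6tables"
        rules.append(f"{cmd} -I INPUT -s {ip} -j DROP")
    return rules

if __name__ == "__main__":
    # 198.51.100.0/24 stands in for a known-good user network (assumption).
    for rule in block_rules(old_port_hits(SAMPLE_LOG), allow=["198.51.100.0/24"]):
        print(rule)
```

The script only prints the rules, so they can be reviewed before anything is applied.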