On 04.04.2011 12:34, Marian Marinov wrote:
>> How is it possible for an attacker to try to log on more than 4 times?
>> Can the attacker do this with only one TCP/IP connection without
>> establishing a new one?
>> Or have the scripts been adapted to this?
>
> The attackers are not trying constantly.. Just a few bursts of tries.
>
> Look at denyhosts ( http://denyhosts.sourceforge.net/ ).
> I also have a tool for protecting from brute force attacks called Hawk (
> https://github.com/hackman/Hawk-IDS-IPS ).

Ok, thanks to both of you, it seems the scripts are getting better and better.
Will change my iptables rule to keep the blacklist for longer.

Thx
Rainer