Rainer Traut <tr.ml at ...> writes: > > Hi, > > to prevent scripted dictionary attacks to sshd > I applied those iptables rules: SNIP > Lots of good advice from several people. All of the suggested solutions mean you still have to wade through log entries from the unsuccessful attacks. I've been quite happy with similar IP tables rules but I moved sshd to listen on something other than port 22 for external connections. I haven't seen a single brute force attack since making the move and all unsuccessful attempts to login via ssh get logged so it's not like attackers can stay below my radar. It seems that the script kiddies who are responsible for most of these attacks don't bother scanning (nmap) before the attack. If port 22 isn't open they move elsewhere. If I ever see any failed login attempts I can assume that the perpetrator is at least a little more skilled than usual and possibly take additional action. Cheers, Dave