[CentOS] sshd: Authentication Failures: 137 Time(s)

Mon Apr 4 09:18:43 UTC 2011
Rainer Traut <tr.ml at gmx.de>


to prevent scripted dictionary attacks to sshd
I applied those iptables rules:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent 
--update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set 
--name SSH --rsource

And this is part of logwatch:

     Authentication Failures:
        unknown (www.telkom.co.ke): 137 Time(s)
        unknown (mkongwe.jambo.co.ke): 130 Time(s)
        unknown ( 107 Time(s)
        root ( 8 Time(s)

How is it possible for an attacker to try to logon more then 4 times?
Can the attacker do this with only one TCP/IP connection without 
establishing a new one?
Or have the scripts been adapted to this?