[CentOS] sshd: Authentication Failures: 137 Time(s)

Mon Apr 4 13:07:24 UTC 2011
Rainer Traut <tr.ml at gmx.de>

Am 04.04.2011 12:34, schrieb Marian Marinov:
>> How is it possible for an attacker to try to logon more then 4 times?
>> Can the attacker do this with only one TCP/IP connection without
>> establishing a new one?
>> Or have the scripts been adapted to this?
>
> The attackers are not trying constantly.. Just a few bursts of trys.
>
> Look at denyhosts ( http://denyhosts.sourceforge.net/ ).
> I also have a tool for protecting from brute force attacks called Hawk (
> https://github.com/hackman/Hawk-IDS-IPS ).

Ok, thanks to both of you, it seems the scripts getting better and better.
Will change my iptables rule to keep the blacklist for longer.

Thx
Rainer