On 03/09/2013 09:57 AM, Tilman Schmidt wrote: > So it seems there is no way to identify password bruteforcing attempts > on servers which don't accept password authentication in the first > place. Yes... you can't detect what you don't receive. If you want to block hosts that are scanning for vulnerabilities, you could set up a honeypot. Watch its logs and ship off the firewall rules to a device at the edge of your network.