For those of you not yet using a port-knocker or otherwise getting irritated with the crap all the script kiddies are filling your system logs with from endless connections against your sshd, this article is for you.

Just two (or four, if you like logging) slightly obfuscated lines of iptables, and you can not only stop the lamers, you can slow their scripts down. (Something that's bound to get me packeted sooner or later, but whatever) This is quite portable to anything that's got a reasonably recent version of iptables (1.3.x) installed. You only need the barest of netfilter support in the Linux kernel.

The goal of this article is to outline a simple method for blocking brute force attacks on sshd for users of Slackware Linux. With a few minor changes, this technique will work on any Linux box with netfilter support in the kernel and a reasonably recent version of iptables (1.3.x) installed. It makes use of the ipt_recent module for netfilter to track who just connected to the port, and to refuse subsequent connections from that host for a given number of seconds. One side effect of this technique is that it will slow down the idiots scanning the Internet looking for even bigger idiots.

Good link dag