ssh brute force attacks

[Dark_Matter]

On one of my dedicated boxes i was getting brute force attacks on port 22 on my ssh server. I monitored the attacks for a few days as i have Access Control enabled for my ssh server so only the shell users i define can login anyway. I even went as far as restricting shell logins to a signle ip on my box instead of allowing shell logins on all ips. Thus far my added measures have stoped the attacks dead. My real question is for the other g33ks here that own dedicated boxes have you noticed or ever had any ssh brute force attacks. Do any of you even check your logs? Just anxious to see how wide an issue this might be.

[Dark_Matter]

Found a nice program that also deals with this issue.

http://www.csc.liv.ac.uk/~greg/sshdfilter/

Also an article on the issue of SSH Brute Force Attacks.

http://it.slashdot.org/article.pl?sid=05/07/16/1615233&from=rss

[lorne]

I have had them on my box but as usual they were unsuccesful. Brute force attacks like that are generally done by people that don't know what they are doing. The people you have to worry about are the ones that don't show up in the logs

[Dark_Matter]

This is so true. ehhhh

[ghostmaster]

A professor of mine wrote an adaptive firewall program for his SSH box that will detect a brute force attack and block the attacking IP address.  I think he distributes it through GPL.

[Dark_Matter]

very nice if you would care to send me in the direction of this tool/program feel free. 

[humorman]

  Me to I would like this program please. I just got a new box and need it thanks.