I have an ssh daemon open on this server and accessible to the internet. I need it since I need to access my computer when I am away. Recently, however, I became the target of brute force attacks against sshd. I would block the offending IP using iptables but this would only last a few hours until the next attacker (from a different IP obviously).
I thought of snort and rules that exist to update iptables automatically but a) that would be a lot of work to set up and b) snort would bring my old computer to its knees (Pentium II with 64Mb RAM).
Yesterday I came across denyhosts, which is a Python program (yay!) that detects intrusion attempts and adds them to /etc/hosts.deny. It has a lot of nice features, it's easy to set up and quite effective. (well… it's Python.. what did you expect)
Seems quite cool, and it doesn't need snort and plugins and hours and hours of configuration and reading.
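
The idea described above (count failed sshd logins per source address, then emit /etc/hosts.deny entries for repeat offenders), sketched as an added example; this is not DenyHosts' own code. The log line format, the threshold of 3 and the function names are assumptions, and the sample log is constructed.

```python
import re
from collections import Counter

# Constructed sample of sshd auth log lines (documentation-range addresses).
SAMPLE_LOG = """\
Jan 10 03:12:01 host sshd[811]: Failed password for root from 203.0.113.7 port 4021 ssh2
Jan 10 03:12:03 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2
Jan 10 03:12:05 host sshd[812]: Failed password for invalid user test from 203.0.113.7 port 4023 ssh2
Jan 10 03:15:40 host sshd[820]: Failed password for alice from 198.51.100.23 port 5100 ssh2
Jan 10 03:15:52 host sshd[820]: Accepted password for alice from 198.51.100.23 port 5100 ssh2
Jan 10 03:20:11 host sshd[830]: Invalid user oracle from 192.0.2.44
Jan 10 03:20:13 host sshd[830]: Failed password for invalid user oracle from 192.0.2.44 port 6001 ssh2
"""

# The address is taken from the fixed tail of the line ("from IP port N ssh2$").
# The user name field is supplied by the remote side, so text inside it must
# never be read as the source address; anchoring to the end of line ensures that.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.*? "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def offenders(log_text, threshold=3, allowlist=()):
    """Return sorted source addresses with at least `threshold` failed logins."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if match and match.group(1) not in allowlist:
            counts[match.group(1)] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def hosts_deny_lines(ips, existing=""):
    """Build tcp_wrappers entries for sshd, skipping ones already in the file."""
    present = {line.strip() for line in existing.splitlines()}
    return [f"sshd: {ip}" for ip in ips if f"sshd: {ip}" not in present]

if __name__ == "__main__":
    # Print the entries instead of writing /etc/hosts.deny directly.
    for entry in hosts_deny_lines(offenders(SAMPLE_LOG)):
        print(entry)
```

Pass your own address in `allowlist` so a few mistyped passwords cannot lock you out of the machine you are trying to reach.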