Blacklisting IPs

Olaf Greve o.greve at axis.nl
Tue Jan 11 08:40:15 PST 2005


Hi,

> It's best to report them and it's not hard to do it.  There
> are automated tools that will do it.

I would be very interested in setting up such a tool on my server as 
well. My passwords are not easy to guess, and root is not allowed to 
log in anyways, and chances are extremely slim that someone will guess 
the one and only username/password combination that is actually allowed 
to SSH and to su -.

Nonetheless, I find it annoying that some kids with nothing better to do 
download these stupid brute force tools in order to call themselves 
hackers. Duh!

Therefore, I could well do without having 22,000 lines of failed 
attempts in my security logs (though as of late they haven't been that 
long), and I wouldn't mind reporting the critters to their ISPs.

Does anyone have a good suggestion for such a tool?

It would be cool if the tool could spot such brute force attempts, and 
when it sees e.g. more than 5 failed attempts from the same IP within 
say 5 minutes of time, it would blacklist the IP, and would 
automatically report the crack attempt to the ISP of the critters.

Anyone?

Cheerz!
Olafo
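
The detection rule asked for above (more than 5 failed attempts from the same IP within 5 minutes), as an added example that is not part of the original post and not any particular tool's code. It assumes OpenSSH-style "Failed password" syslog lines in chronological order; the function name `find_offenders` and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds from the post: more than 5 failures from one IP within 5 minutes.
MAX_FAILURES = 5
WINDOW = timedelta(minutes=5)

# Assumed log format: syslog timestamp, host, sshd[pid], OpenSSH failure text.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def find_offenders(lines, year=2005):
    """Return {ip: time at which that IP first exceeded the threshold}."""
    recent = defaultdict(deque)  # ip -> failure timestamps still in the window
    offenders = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > WINDOW:  # slide the window: drop stale failures
            q.popleft()
        if len(q) > MAX_FAILURES:
            offenders.setdefault(m["ip"], ts)
    return offenders

# Constructed sample: a fast burst, a slow trickle, and one good login.
SAMPLE = (
    [f"Jan 11 08:00:{s:02d} host sshd[411]: Failed password for "
     f"invalid user test from 192.0.2.10 port 4000 ssh2"
     for s in range(0, 60, 10)]          # 6 failures in 50 seconds
    + [f"Jan 11 08:{m:02d}:00 host sshd[412]: Failed password for "
       f"root from 198.51.100.7 port 4001 ssh2"
       for m in range(0, 36, 6)]         # 6 failures, 6 minutes apart
    + ["Jan 11 08:40:15 host sshd[413]: Accepted password for "
       "alice from 203.0.113.5 port 4002 ssh2"]
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE).items():
        print(f"{ip} exceeded {MAX_FAILURES} failures at {when}")
```

The returned addresses are candidates for a firewall block list; the slow source is not flagged because its failures never accumulate inside one 5-minute window.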


More information about the freebsd-questions mailing list