Firewalls using a DNSbl (and distributed ssh attacks)

[Jeffrey Goldberg]

It's not a big issue, but I'm wondering if there is a DNSBl that lists  
IPs that are engaging in brute force ssh attacks.  And if there is  
such a list, is there a way to integrate that information into a  
firewall or sshd.

As I've said this really isn't a big issue for me, as the brute force  
attempts at sshd are nothing but an annoyance as I review logs.

The attacks that I'm seeing appear to be coordinated and distributed.   
That is, there will be one attempt on username "fred" from one IP  
immediately followed by an attempt on "freddy" from another IP  
followed by an attempt on "fredrick" from a third source and so on.

Cheers,

-j



-- 
Jeffrey Goldberg                        http://www.goldmark.org/jeff/