I want to "protect" from brut force attack. My idea is: If there is 10 unsuccessful logins { add firewall rule "disable ssh port for attacker IP" } How to do this on centos 5.1 with ISP config (because firewall is disabled)?
Take a look here: http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts http://www.howtoforge.com/fail2ban_debian_etch http://www.howtoforge.com/blockhosts_debian_etch
have you done the simple thing of changing the port that the ssh is on that will also help out big time
