I just recently found the following IPTABLES rules, and let me just say they rock. What the following does is allow 2 TCP connects to port 22 in a variable time window. After that, it will reject all further connect attempts until the window has expired (in my example, a 5-minute window). This has effectively prevented any brute-force attempts on my server from bots, although a dedicated cracker may take the time to discover my personal window and code around it. Anyway, here are the rules:
Again, I don't know how helpful this is to the OP, but I know I find it extremely useful and I'm sure others will too.
Code:
# Record every new SSH connection attempt (SYN only, so established traffic is never counted), keyed by source address
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -m recent --set --name sshattack --rsource
# Once a source has 3 or more recorded attempts within the last 300 seconds: log it, then reject with a TCP RST
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -m recent --rcheck --seconds 300 --hitcount 3 --name sshattack --rsource -j LOG --log-prefix "SSH Drop: "
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -m recent --rcheck --seconds 300 --hitcount 3 --name sshattack --rsource -j REJECT --reject-with tcp-reset
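To see what that rule order actually does to a stream of connection attempts, here is a small Python model of the xt_recent --set / --rcheck --seconds / --hitcount logic applied to the three rules above. It is an added example, not code from the original post or from the iptables project; it assumes the kernel default of 20 stored timestamps per source address (ip_pkt_list_tot) and only ever feeds in SYN packets, since the --tcp-flags match already filters out everything else. The constructed attempt sequences are made up for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 300   # --seconds 300
HITCOUNT = 3           # --hitcount 3
LIST_TOT = 20          # xt_recent default ip_pkt_list_tot (assumption: default kernel setting)


class RecentTable:
    """Minimal model of one xt_recent list (here the one named 'sshattack')."""

    def __init__(self, list_tot=LIST_TOT):
        # --rsource: timestamps are kept per source address; the kernel keeps a ring of
        # list_tot stamps and overwrites the oldest, which deque(maxlen=...) reproduces.
        self.stamps = defaultdict(lambda: deque(maxlen=list_tot))

    def set(self, src, now):
        # -m recent --set: add the current packet's timestamp for this source.
        self.stamps[src].append(now)

    def rcheck(self, src, now, seconds, hitcount):
        # -m recent --rcheck --seconds S --hitcount N: match if the source is in the list
        # and at least N of its stored stamps fall within the last S seconds.
        if src not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[src] if now - t <= seconds)
        return hits >= hitcount


def evaluate_chain(syns, window=WINDOW_SECONDS, hitcount=HITCOUNT):
    """Run each SYN (timestamp, source) through the three rules in order.

    Returns one verdict per SYN: 'REJECT' if the LOG+REJECT rules match, otherwise
    'PASS' (the packet falls through to whatever follows in INPUT, e.g. an ACCEPT).
    """
    table = RecentTable()
    verdicts = []
    for now, src in syns:
        table.set(src, now)                                  # rule 1: always record
        if table.rcheck(src, now, window, hitcount):         # rules 2 and 3: same match
            verdicts.append("REJECT")                        # LOG fires, then REJECT
        else:
            verdicts.append("PASS")
    return verdicts


def demo():
    # Constructed sequences (not real traffic). Times are seconds, sources are labels.
    scenarios = {
        # two attempts pass, the third inside 300 s is rejected; the rejected attempt is
        # itself recorded, so the block slides forward until fewer than 3 stamps remain
        "sliding window": [(0, "a"), (100, "a"), (200, "a"), (350, "a"), (501, "a")],
        # a bot retrying every 10 s never gets back in: every retry refreshes the count
        "hammering bot": [(10 * i, "bot") for i in range(100)],
        # counters are per source, so one busy host does not block another
        "independent sources": [(0, "a"), (1, "a"), (2, "b"), (3, "b"), (4, "b")],
    }
    return {name: evaluate_chain(seq) for name, seq in scenarios.items()}


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(f"{name}: {verdicts[:6]}{' ...' if len(verdicts) > 6 else ''}")
```

The point worth noticing is the order of the rules: because --set runs before --rcheck, every attempt, including the ones that get rejected, adds a timestamp, so a source that keeps retrying stays blocked for as long as it keeps retrying, while a source that backs off is let in again once fewer than three attempts remain in the trailing 300 seconds.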