SSHBL.org provides an actual list with IPs who tried brute-force or where denied access to ssh-accounts from different servers in USA and Germany. Out of this list we render Snort-Signatures (see example below) to block (using SnortSAM) access from these IPs whenever they try to access, and iptables-rules to block the IPs completely

PLEASE NOTE

these rules are still in the making and should only be used for testing purposes.

• recent 100 IPs: http://dogtown.mare-system.de/download/SSHBlacklist-DROP-100.rules
• recent 300 IPs: http://dogtown.mare-system.de/download/SSHBlacklist-DROP.rules

• block all traffic: http://dogtown.mare-system.de/download/SSHBlacklist-iptables.list
• block traffic on port 22: http://dogtown.mare-system.de/download/SSHBlacklist-iptables-port22.list