Is this a reasonable approach?

[Andy Armstrong]

Andy Armstrong wrote:
> The module is complete and working now. It successfully rejects auth 
> attempts from hosts that are responsible for excessive authentication 
> failures according to a configurable set of rules.

Incidentally I assume this is what people are using for their attacks:
  http://packetstormsecurity.nl/filedesc/hydra-4.5-src.tar.html

Its signature in terms of the timing of login attempts is the same as 
the real attacks I've been seeing. It's also quite useful for stress 
testing pam_abl :)

-- 
Andy Armstrong