Is this a reasonable approach?

[Igmar Palsenberg]

> Somewhere I've got a homebrew PAM module that will log the username and
> password of failed login attempts.  It was written to find out which
> username / password combinations were being used for brute force attacks
> on the sshd demons of some of our local LUG, if it's of any use to
> anyone I'll happily submit it to the main PAM repository.

It's plain annoying for the bigger part. I've had some dickhead from a 
German colo doing 3000+ guesses on an account that doesn't even allow remote
logins. Since the colo in question only provides abuse, and doesn't solve 
them, the're a nice iptables -j DROP candidate.



	Igmar