13 Jun
2016
13 Jun
'16
12:14 a.m.
Yes.. the sad state of the Internet. In addition to tools like fail2ban, you can consider another, more scalable approach using RBLs (realtime blackhole lists) where known attack hosts are blocked:
https://www.google.com/search?q=rbl+to+block+ssh+connections
Most RBLs are used for email but there are many out there also for SSH attacks which would be very applicable to your TELNET attacks. Using RBLs through DNS is a lighter weight approach than creating iptables rules that can become huge over time. The use of RBLs isn't perfect either so you might choose to go with a blended approach. Good luck.
--David KI6ZHD