
Traditional Anti-Bruteforce Rules

Rapid-fire bruteforce attacks are easy to head off; here's the OpenBSD PF style, with state tracking options to set limits:

/etc/pf.conf:

    table <bruteforce> persist
    block quick from <bruteforce>
    pass inet proto tcp to $int_if:network port $tcp_services \
        keep state (max-src-conn 100, max-src-conn-rate 15/5, \
        overload <bruteforce> flush global)

max-src-conn 100: maximum number of simultaneous connections (states) from one source host

max-src-conn-rate 15/5: rate of new connections: at most 15 new connections per 5 seconds

overload <bruteforce>: a host exceeding either limit is added to the <bruteforce> table, which the block rule then matches

flush global: kill all existing connections (states) from the offending host, not only those created by this rule
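As an added illustration (not part of the slides or of PF itself), a small Python model of what these two limits do when applied to a constructed stream of connection open/close events; the sample addresses, the event format and the simplified overload handling are assumptions made for this example.

```python
from collections import defaultdict, deque

# Thresholds taken from the pf.conf rule on this slide
MAX_SRC_CONN = 100            # simultaneous states allowed per source host
MAX_SRC_CONN_RATE = (15, 5)   # at most 15 new connections per 5 seconds


def find_offenders(events, max_conn=MAX_SRC_CONN, rate=MAX_SRC_CONN_RATE):
    """events: (timestamp_seconds, src_ip, 'open'|'close') tuples (assumed format).
    Returns the set of sources that would be overloaded into <bruteforce>."""
    limit, window = rate
    recent = defaultdict(deque)   # src -> timestamps of recent 'open' events
    active = defaultdict(int)     # src -> number of currently open states
    offenders = set()
    for ts, src, kind in sorted(events):
        if src in offenders:      # 'block quick from <bruteforce>': dropped
            continue
        if kind == "close":
            active[src] = max(0, active[src] - 1)
            continue
        active[src] += 1
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] >= window:   # forget opens outside the 5 s window
            q.popleft()
        if len(q) > limit or active[src] > max_conn:
            offenders.add(src)
            active[src] = 0       # 'flush global': the host's states are killed
    return offenders


def sample_events():
    """Constructed sample: a rapid-fire source, a normal client and a slow source."""
    ev = []
    # 198.51.100.7 opens 20 connections in 4 seconds: exceeds 15/5, gets overloaded
    ev += [(i * 0.2, "198.51.100.7", "open") for i in range(20)]
    # 203.0.113.5 opens three connections and later closes one: well under both limits
    ev += [(1.0, "203.0.113.5", "open"), (1.5, "203.0.113.5", "open"),
           (2.0, "203.0.113.5", "open"), (9.0, "203.0.113.5", "close")]
    # 192.0.2.9 opens one connection per second for a minute: 60 opens, but never
    # more than 5 in any 5 s window, so the rate rule does not catch it
    ev += [(float(i), "192.0.2.9", "open") for i in range(60)]
    ev += [(i + 0.5, "192.0.2.9", "close") for i in range(60)]
    return ev


if __name__ == "__main__":
    print("overloaded into <bruteforce>:", sorted(find_offenders(sample_events())))
```

The third source shows the limit of the rule as written: a host that stays under 15 new connections per 5 seconds is never overloaded, however long it keeps going.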

Basically, problem solved - the noise generally disappears instantly. If you like, tweak rules to local tastes and needs.

(and yes, Linux and others can do similar; won't get into them)