<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<blockquote type="cite"
cite="mid:CA+TuoW29rjOnLB07Xy2cYFAU3B81rH5hRb9MWKmW0QCByVVq2w@mail.gmail.com">
<div dir="ltr">
<div>
<div>
<div class="gmail_quote">
<div>Usually, the ssh login attempt will come from a
single IP address: some <br>
<div>script kiddie tries to login to hosts, using
various login names (root, mysql, <br>
</div>
<div>uucp, lpadmin, ...etc.) </div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<p>Oh, no. Attacks are always run from many machines, put into
hacking asset. Different ips are the only way to speedup an
attack, where Fail2Ban records ips to slow 'em down.<br>
</p>
<br>
</body>
</html>