This option provides a most simple select-and-forget method for stopping the most egregious of the Dictionary Attacks that every Internet-connected Server has to suffer.
The simplest Firewall security is never to allow NEW external connections to your system; that is the default for the INPUT chain, and for PCs. Internet servers do not have that luxury:- by design, they have to allow new connections from the Internet. Therefore, every skript-kiddie in the world spends their time trying to brute-force passwords for the FTP, Telnet, SSH, Mail (and so on) Servers of this world - countless thousands of high-speed connections every day. Selecting this option will stop such attacks in seconds, and log where they are coming from.
Brief info:
All NEW connections are tracked; those that exceed 3 / minute are logged and dropped.
By default, ports 20,21,25,110,143 are monitored.
Further, logged IPs need to cease connections for 60 seconds before release.
A bash-script for obtaining weekly reports is provided within the GPL. See the EFG thread in the MH Forums.
To read further (links open in a new tab):
It uses the Recent module
Dictionary Attack Prevention thread in the MH Forums