Is it still considered a 'port scan' to have scripts trying to SSH in with a list of common account names or trying multiple passwords for 'root' or 'mail' (or similar)? I'm hoping to find a way to block these but I'm at a loss as to what to search for.
When I imagine the term port scan, I think of using NMAP (or equivalent) to find what's open in iptables. Just curious if this falls under the same category.
Some of my systems are logging several thousand per day. It's annoying.
Systems are all CentOS / RHEL.
EDIT: iptables 'limiting' looks very promising. In the end I may have to set up a VPN for all the valid traffic and use something like 'fail2ban' on my public servers.