#!/bin/bash

echo "Starting scan for SSH Brute Force Attacks"
while [ 1 ]
do
	count=$(netstat -tn | awk '{print $4}' | grep :22 | wc -l)
	if [ $count -gt 20 ]
	then
		attacker=$(netstat -tn | awk '{print $5}' | grep -v :22 | cut -d ':' -f1 | tail -1)
		echo "SSH Bruce Force Attack detected!!!"
		echo "$attacker made $count SSH connections at the same time"

		echo -e
		echo "Data collected:"
		netstat -tn
		break	
	fi
	sleep 1
done