This little program is used on our servers to check wether anybody
is trying to break in by guessing for passwords of common usernames,
so called "Dictionary attacks".
The taillog script looks at the logfile where ssh logs it's (un)succesful login
attempt, usually /var/log/auth.log, and remembers the IP addresses of
both successful and unsuccessful login attempts and keeps a count.
Offenders who are logged more than 3 times (meaning they have provided
the wrong password more than 9 times) are routed to 127.0.0.1, making it
impossible for them to communicate to the server again.
As a precaution, legitimate ip adresses of successful logins are