
SSH Brute Force: False Positives

To: <netfilter@lists.netfilter.org>
Subject: SSH Brute Force: False Positives
From: "Dominic Caputo" <jec6jec6@gmail.com>
Date: Thu, 1 Feb 2007 13:28:09 +1100
I have been reading up on iptables and I am by no means an expert, but I have a problem with SSH brute force attacks on port 22. I am currently using the config below to minimise these threats, but I am constantly getting false positives (the logs actually say that my connection has been flagged as a brute force connection even on the first attempt, but then at other times it connects first time with no problems).

# SSH Brute-Force Scan Check
$IPTABLES -N SSH_Brute_Force
$IPTABLES -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name SSH --set --rsource -j SSH_Brute_Force
$IPTABLES -A SSH_Brute_Force -m recent ! --rcheck --seconds 60 --hitcount 4 --name SSH --rsource -j ACCEPT
$IPTABLES -A SSH_Brute_Force -j LOG --log-level info --log-prefix "SSH Brute Force Attempt: "
$IPTABLES -A SSH_Brute_Force -p tcp -j DROP

Any help with this problem would be great.

Dominic
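The rule set in the post can be worked through with a small model of the netfilter "recent" match. This is an added example, not code from the post or from the netfilter project; it assumes the documented semantics that `--set` records a timestamp for the source address and `--rcheck --seconds 60 --hitcount 4` matches once that address has four or more timestamps inside the last 60 seconds, the just-recorded one included. The source address and connection times are constructed.

```python
# Model of the xt_recent "--set" / "--rcheck --seconds --hitcount" semantics
# as used by the posted SSH_Brute_Force rules (assumed behaviour, see lead-in).
from collections import defaultdict


class RecentList:
    """One named list (the post's --name SSH): source address -> timestamps."""

    def __init__(self, max_entries=20):
        self.hits = defaultdict(list)
        self.max_entries = max_entries  # xt_recent keeps a bounded per-address history

    def set(self, src, now):
        """--set: record this packet's time for src, dropping the oldest when full."""
        lst = self.hits[src]
        lst.append(now)
        if len(lst) > self.max_entries:
            del lst[0]

    def rcheck(self, src, now, seconds, hitcount):
        """--rcheck --seconds S --hitcount N: True when src has >= N hits within S seconds."""
        window = [t for t in self.hits.get(src, []) if now - t <= seconds]
        return len(window) >= hitcount


def ssh_brute_force_chain(recent, src, now, seconds=60, hitcount=4):
    """Mirror the posted rules for one NEW SSH connection from src.

    INPUT: --set on every NEW packet, then jump to SSH_Brute_Force.
    SSH_Brute_Force: ACCEPT when '! --rcheck' matches, otherwise LOG and DROP.
    Returns the final verdict, "ACCEPT" or "DROP".
    """
    recent.set(src, now)
    if not recent.rcheck(src, now, seconds, hitcount):
        return "ACCEPT"
    return "DROP"  # the LOG rule fires here, then the DROP rule


def simulate(connection_times, src="192.0.2.10"):
    """Run a list of NEW-connection times (seconds) from one source through the chain."""
    recent = RecentList()
    return [ssh_brute_force_chain(recent, src, t) for t in connection_times]


if __name__ == "__main__":
    # Constructed input: four sessions opened within one minute (several terminals
    # plus an scp, say), then one more after the 60-second window has passed.
    times = [0, 10, 20, 30, 100]
    for t, verdict in zip(times, simulate(times)):
        print(f"t={t:>3}s -> {verdict}")
```

Note that the fourth connection inside the window is dropped even though every one of them was a legitimate login, and that dropped connections still count towards the next check because `--set` runs before the jump.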


