The original poster was requesting a way to automatically block suspicious IPs. Lots of good responses.
Another idea, and I've only read about this (no actual experience), but may be worth looking into: "port knocking". The basic concept is that you would keep your ssh port closed *all* the time. You need a secret "knock" to open the port. The knocking method is achieved by pinging various ports in a specific order (and with specific timing). So basically, before you can connect to port 22, you may have to ping ports 302, 50, 17, 17, 22, 542, 1002, 98, 12. The server will recognize the sequence and open port 22. Like I said, I don't have any firsthand experience with such a tool, but I've always thought it sounds incredibly clever. Maybe someone around here has some experience with port knocking and can offer some more insight. Good luck! Matt -- Matt Garman email at: http://raw-sewage.net/index.php?file=email -- [email protected] mailing list
