--snip--
-- Knute Johnson Molon Labe...
A while back there was discussion on the list about a script that monitored /var/messages and /var/secure and would write a rule to block an IP address after "x" number of attempts to log in. I could not find the reference that I kept. You might try searching the list, but the scripts were very good.
Try this
http://denyhosts.sourceforge.net/
or for quick & dirty:
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name sshscans --rsource
iptables -A INPUT -m recent --rcheck --seconds 60 --hitcount 10 --name sshscans --rsource -j DROP
(thanks to david@blue-labs.org for that one)
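A log-watching script of the kind mentioned above, as an added example that is not code from this thread or from DenyHosts: it counts failed sshd logins per source address and prints (does not run) one DROP rule per address at or over a threshold. The function names, the threshold and the constructed log lines are assumptions.

```shell
#!/bin/sh
# Added example: turn repeated sshd login failures into iptables DROP rules.
# Rules are only printed so they can be reviewed before being applied.

# Constructed sample in the usual sshd syslog format (documentation-range IPs).
sample_log() {
cat <<'EOF'
Mar  3 10:00:01 gw sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 10:00:03 gw sshd[1203]: Failed password for root from 203.0.113.7 port 40114 ssh2
Mar  3 10:00:04 gw sshd[1204]: Failed password for invalid user admin from 198.51.100.9 port 51000 ssh2
Mar  3 10:00:05 gw sshd[1205]: Accepted password for alice from 192.0.2.10 port 52000 ssh2
Mar  3 10:00:06 gw sshd[1206]: Failed password for invalid user a from 192.0.2.1 from 203.0.113.7 port 40116 ssh2
EOF
}

# block_rules THRESHOLD
# Reads log lines on stdin and prints one rule per source address that has
# at least THRESHOLD failed password attempts.
block_rules() {
    awk -v max="$1" '
        # The user name is supplied by the remote side and may itself contain
        # " from <address>", so the source is read from the fixed tail of the
        # line ("from <ip> port <n> ssh2"), never from the first "from".
        /sshd\[[0-9]+\]: Failed password for / &&
        NF >= 5 && $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3)
            # Accept only dotted-quad values so that log content can never
            # put arbitrary text into a firewall command.
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                hits[ip]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= max + 0)
                    print "iptables -I INPUT -s " ip " -j DROP"
        }' | sort
}

# Stand-alone run: with a threshold of 3, only 203.0.113.7 qualifies.
sample_log | block_rules 3
```

On a real host the input would be the sshd log file rather than `sample_log`, and the threshold would be tuned so that a legitimate user who mistypes a password a few times is not locked out.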