How should I react to break in attempts

[Arthur Pemberton]

Arthur Pemberton wrote:

> I'm gettign mail from logwatch as to the following:
>
> root (en201247.uac63.hknet.com): 3 Time(s)
>
>
> What's my best plan of action to respond to such? Yes I root logins 
> via sshd disabled.
>
> Thanks for the advice.
>
>
This host is really tring it's best at sshd, there are many attempts to 
my sshd. Is it a good idea to just block that ip via iptables?