William Smith wrote, on Sep 30, 2008 at 21:47 EDT:
This might be of interest: http://www.fail2ban.org/wiki/index.php/Main_Page
Basically, it detects hack attempts and locks off the offending IP address for about five minutes by modifying firewall rules.
I've only started looking at it myself, but I know others that use it and it seems to work well.
I've actually been using fail2ban for several years now one a few servers, with great success. .. except in the scenerio where it's unique IPs. I've actually been seeing a small amount of that today, as well, on one of my boxen, and as far as I can see, there's very little to no duplication of IPs, so fail2ban would not help at all in this case. fail2ban works for ssh attempts, where one IP fails login, for example, 3 times within 600 seconds, and also has rules for other daemons like bind, apache, exim, &c. Over the past month, it's been quiet the last couple weeks, but the beginning of September was *very* busy, and fail2ban saved me several headaches. -- Aaron Haviland 34 Wayne Ave, Dudley, MA home: [508] 943 - 7974