Kevin van Zonneveld explains how to slow down brute force attacks on your ssh server so much it makes them useless. It's so simple there is no good reason not to do it.
I've been recently also playing with the recent-module.
It seems pretty cool to block any kind of "too much noise".
I have, probably a bot-net, trying to get in my FTP-server at work. The problem is that it doesn't disconnect after a failed login, so the recent-module doesn't work here since only one new connection is necessary.
The last attack was a surprise, starting at 8pm last night, until 10 this morning when I manually blocked the IP. The whole time from one IP, that's an exception, usually one IP attacks for about an hour or two, then the next starts.
Well, still got to find a good solution for this.
another article, inspired by the first, explains some more sophisticated options
Post a blog entry