On Thu, May 14, 2009 at 5:48 PM, Bill Campbell <centos@celestial.com> wrote:
On Thu, May 14, 2009, James B. Byrne wrote:
>Over the weekend one of our servers at a remote location was
>hammered by an IP originating in mainland China.  This attack was
>only noteworthy in that it attempted to connect to our pop3 service.

You might look at fail2ban which can automatically create
iptables blocks when things like this happen.

Bill
--
INTERNET:   bill@celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186  Skype: jwccsllc (206) 855-5792

Manual, n.:
       A unit of documentation.  There are always three or more on a
       given item.  One is on the shelf; someone has the others.  The
       information you need is in the others.
               -- Ray Simard
_______________________________________________

fail2ban does a good job of automatically blocking any IP which constantly tries to login to any service with an incorrect password. 

Another option, with even more control, is ConfigServer firewall (or other firewalls), which can monitor various aspects of your network and block unwanted users on demand. 

--
Kind Regards
Rudi Ahlers
CEO, SoftDux Hosting
Web: http://www.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532