No method is perfect, but something that seems to work ok in practice is to just move ssh to a different TCP port, and -j DROP the unused ports. Failproof? No, but it reduces the noise tremendously. If the script kiddies learn the new port (unlikely), either move it to another port, or apply one of the other methods already recommended in this thread. -- Florin Andrei http://florin.myip.org/