They basically detect port > scans and add a firewall rule to temporarily block that ip. > Does anyone know what tool that is? > > Also disabling remote login as root should help. > > Russ Fail2ban, is what you are looking for, I think.... http://www.fail2ban.org/wiki/index.php/Main_Page Dennis