So I have been reading the SSH attack thread and finally want to ask about something. I doubt there is a program like this, but I would love to have a program that listens on common ports that I do not use at all... and only allow that program to listen on them, especially the usual SSH port (using a different one for real SSH)... That program would then, upon receiving a 'sniff' or 'user', add that IP to the deny hosts lists, for either a long or short time. Using this would seem like a win, as you can easily grab someone before they can get somewhere, one hopes. Also, by opening up a few other ports that are unusual, like 8561... well, if someone sniffs that, it could be a 3 day ban or a month... In other words, anyone hitting those ports that are not being used at all except by our sniff protector would allow instant banning. So... does something like this exist?
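
The decoy-port idea asked about above, as an added example that is not part of the original post: a listener on unused ports that bans any address completing a connection, with a per-port ban length. The `BanList` class, the allowlist, the ban lengths and the hosts.deny-style output are assumptions made for illustration; ports 22 and 8561 come from the post.

```python
import ipaddress, selectors, socket, time

DAY = 86400
# Decoy port -> ban length in seconds. Ports 22 and 8561 come from the post;
# the lengths are assumed values for illustration.
DECOY_PORTS = {22: 30 * DAY, 8561: 3 * DAY}
# Assumed allowlist so a local slip cannot lock the admin out.
ALLOW = [ipaddress.ip_network("127.0.0.0/8")]

class BanList:
    def __init__(self):
        self.expiry = {}  # ip string -> unix time the ban ends

    def record_hit(self, ip, port, now=None):
        """Ban ip for the port's duration; return expiry, or None if allowlisted."""
        now = time.time() if now is None else now
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in ALLOW):
            return None
        self.expiry[ip] = max(now + DECOY_PORTS[port], self.expiry.get(ip, 0))
        return self.expiry[ip]

    def hosts_deny(self, now=None):
        """Drop expired bans and render the rest as hosts.deny lines."""
        now = time.time() if now is None else now
        self.expiry = {ip: t for ip, t in self.expiry.items() if t > now}
        # TCP wrappers syntax wants IPv6 addresses in square brackets.
        return "".join(f"ALL: [{ip}]\n" if ":" in ip else f"ALL: {ip}\n"
                       for ip in sorted(self.expiry))

def serve(bans, host="0.0.0.0"):
    """Accept on every decoy port; binding ports below 1024 needs privileges."""
    sel = selectors.DefaultSelector()
    for port in DECOY_PORTS:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((host, port))
        s.listen()
        sel.register(s, selectors.EVENT_READ, port)
    while True:
        for key, _ in sel.select():
            # accept() returns only after the TCP handshake, so the peer
            # address is not a trivially spoofed source.
            conn, (ip, _) = key.fileobj.accept()
            conn.close()
            if bans.record_hit(ip, key.data) is not None:
                print(bans.hosts_deny(), end="")  # feed to the real deny list

if __name__ == "__main__":
    serve(BanList())
```

Repeat hits never shorten a ban: the later expiry wins, so touching the SSH decoy after port 8561 extends the entry to the longer period.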