> I doubt there is a program like this, but I would love to have a program > that listens at common ports that I do not use at all...and only allow that > program to listen to it, especially the usual ssh port (using a different > one for real ssh)... > > That program would then, upon receiving a 'sniff' or 'user' would then add > that ip to the deny hosts lists..for either a long or short time. Many years ago I used portsentry for this. You can find an article about portsentry at <http://www.securityfocus.com/infocus/1580> Barry