Tengo un WS´08 para pruebas diversas.
Probaste DenyHosts
DenyHosts is an open source log-based intrusion prevention security script for SSH servers was written in python programming language that intended to run by Linux system administrators and users to monitor and analyzes SSH server access logs for failed login attempts knows as dictionary based attacks and brute force attacks. The script works by banning IP addresses after set number of failed login attempts and also prevent such attacks from gaining access to server.
DenyHosts Features
Keeps track of /var/log/secure to find all successful and failed login attempts and filters them.
Keeps eye on all failed login attempts by user and offending host.
Keeps watch on each existing and non-existent user (eg. xyz) when a failed login attempts.
Keeps track of each offending user, host and suspicious login attempts (If number of login failures) bans that host IP address by adding an entry in /etc/hosts.deny file.
Optionally sends an email notifications of newly blocked hosts and suspicious logins.
Also maintains all valid and invalid failed user login attempts in separate files, so that it makes easy for identifying which valid or invalid user is under attack. So, that we can delete that account or change password or disable shell for that user.
Read More : Install DenyHosts to Block SSH Server Attacks in RHEL / CentOS / Fedora
No se si Lo probaste, aqui te dejo el enlace:
http://www.tecmint.com/block-ssh-server-attacks-brute-force-attacks-using-denyhosts/Vi varios más, has usado alguno a parte de ese?
Saludos.