[opensuse] dictionary attacks

Just about every day, often several times a day, my logs include hours
of log entries that look like this:

Jul 16 00:35:25 raid5 sshd[6966]: Invalid user admin from
Jul 16 00:35:30 raid5 sshd[6968]: Invalid user admin from
Jul 16 00:35:35 raid5 sshd[6972]: Invalid user admin from
Jul 16 00:35:40 raid5 sshd[6974]: Invalid user admin from
Jul 16 00:35:56 raid5 sshd[6981]: Invalid user test from
Jul 16 00:36:01 raid5 sshd[6983]: Invalid user test from
Jul 16 00:36:06 raid5 sshd[6985]: Invalid user webmaster from
Jul 16 00:36:11 raid5 sshd[6987]: Invalid user username from
Jul 16 00:36:16 raid5 sshd[6989]: Invalid user user from
Jul 16 00:36:26 raid5 sshd[6994]: Invalid user admin from
Jul 16 00:36:31 raid5 sshd[6996]: Invalid user test from
Jul 16 00:36:51 raid5 sshd[7017]: Invalid user danny from
Jul 16 00:36:56 raid5 sshd[7019]: Invalid user alex from
Jul 16 00:37:01 raid5 sshd[7022]: Invalid user brett from
Jul 16 00:37:06 raid5 sshd[7024]: Invalid user mike from
Jul 16 00:37:12 raid5 sshd[7027]: Invalid user alan from
Jul 16 00:37:18 raid5 sshd[7029]: Invalid user data from
Jul 16 00:37:22 raid5 sshd[7031]: Invalid user www-data from
Jul 16 00:37:28 raid5 sshd[7033]: Invalid user http from
Jul 16 00:37:33 raid5 sshd[7037]: Invalid user httpd from
Jul 16 00:37:38 raid5 sshd[7040]: Invalid user pop from

..... and so on, ad nausium. Obviously, someone is trying to break in
to my system via SSH. So far as I can tell from examining my logs and
my systems (usually at least 4 other systems on my LAN are under
simultaneous attacks from the same source(s), the daemon is
successsfully withstanding the assault and the system is not compromised.

My question is what, if any firewall rule could I write that could
detect such attacks and automatically shut down forwarding packets from
the offending node or domain? That would give me an additional layer
of defense as well as freeing up a significant amount of log file space.

Thanks in advance,
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx