LAMP Security

Mitigating brute-force password attacks with pam_abl

This is another "one off" technique I've employed with success to mitigate brute-force password attacks.

If there are scads of "authentication failure" entries in /var/log/messages, this technique may help. To see how many failures each source host has produced, run the following one-liner:

 fgrep "authentication failure" /var/log/messages* | cut -f 7 -d '=' | cut -f 1 -d ' ' | sort | uniq -c | sort -n

Aggressive Spam and Zombie blocking via spamhaus.org/drop and IPTables

If there is no end to spam and automated attacks against a server and you do not (or cannot) invest in a high-quality firewall, this technique may offer a respite.

The idea is to proactively block all "well-known" malicious net-blocks (according to spamhaus.org's definition, of course). The source for these net-blocks is the Spamhaus DROP list, which is described as:

 DROP (Don't Route Or Peer) is an advisory "drop all traffic" list, consisting of stolen 'zombie'
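As an added example (not code from the original post), a small POSIX shell script that does what the two techniques above describe: it counts failed logins per source host from log lines, in the spirit of the one-liner, and turns an excerpt in the DROP list's "CIDR ; SBLid" text format into iptables rules printed for review. The log lines, net-blocks and SBL ids are constructed, and the DROP file layout is an assumption.

```shell
#!/bin/sh
# Constructed sample of PAM "authentication failure" lines as they appear in
# /var/log/messages (synthetic hosts and PIDs, not from a real machine).
SAMPLE_LOG='Mar  3 10:01:02 web1 sshd[2201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7  user=root
Mar  3 10:01:05 web1 sshd[2203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7  user=admin
Mar  3 10:01:09 web1 sshd[2207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7  user=oracle
Mar  3 10:02:11 web1 sshd[2210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.9  user=root
Mar  3 10:03:40 web1 sshd[2215]: Accepted password for bob from 192.0.2.50 port 51022 ssh2'

# failures_by_host THRESHOLD: read log text on stdin and print "<count> <rhost>"
# for every source host with at least THRESHOLD failures, busiest host last.
# Same idea as the page's cut-based one-liner, but keyed on the rhost= token so
# the order of the other "key=value" fields does not matter.
# Usage on a live box: failures_by_host 5 < /var/log/messages
failures_by_host() {
    threshold="${1:-1}"
    grep -F 'authentication failure' \
      | sed -n 's/.*rhost=\([^ ]*\).*/\1/p' \
      | grep -v '^$' \
      | sort | uniq -c | sort -n \
      | awk -v t="$threshold" '$1 >= t { print $1, $2 }'
}

# Constructed excerpt in the DROP list's text format: ";"-prefixed comment lines,
# then one "CIDR ; SBLid" entry per line. Net-blocks are RFC 5737 documentation
# space and the SBL ids are made up; this is not real DROP data.
SAMPLE_DROP='; Spamhaus DROP List (constructed sample)
192.0.2.0/24 ; SBL000001
203.0.113.0/24 ; SBL000002'

# drop_rules: read DROP entries on stdin and print one iptables command per
# net-block that drops its traffic at the top of the INPUT chain. The rules are
# printed rather than executed so they can be reviewed before being applied.
drop_rules() {
    grep -v '^;' | awk 'index($1, "/") > 0 { printf "iptables -I INPUT -s %s -j DROP\n", $1 }'
}
```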
