A member of the local user group was hacked recently via SSH. After cleaning up, he was a bit sensitive about the number of port 22 attempts he was seeing inbound. Another member suggested (https://www.redhat.com/archives/fedora-test-list/2005-May/msg00093.html) the following as a solution:
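# The infilter and ssh-scan chains must already exist.
# Pass traffic from the input filter chain through ssh-scan.
iptables -A infilter -j ssh-scan
# Record the source address of every new connection to port 22.
iptables -A ssh-scan -p tcp -m tcp --dport 22 -m state --state NEW -m recent \
    --set --name SSH --rsource
# Log a source that reaches 8 new connections within 60 seconds (same TTL).
iptables -A ssh-scan -p tcp -m tcp --dport 22 -m state --state NEW -m recent \
    --update --seconds 60 --hitcount 8 --rttl --name SSH --rsource -j LOG \
    --log-prefix "SSH Scan: "
# Then drop it.
iptables -A ssh-scan -p tcp -m tcp --dport 22 -m state --state NEW -m recent \
    --update --seconds 60 --hitcount 8 --rttl --name SSH --rsource -j DROP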
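To see which sources the LOG rule above is catching, the kernel log can be summarised per address. This is an added example, not part of the original post: the function names are hypothetical, the sample lines are constructed, and it assumes the traditional syslog layout in which the fifth field is `kernel:`.

```shell
#!/bin/sh
# Added example: summarise lines written by the "SSH Scan: " LOG rule.
# Output, busiest source first: <hits> <source> <first time> <last time>
# Times are the HH:MM:SS field only; the date is not carried over.

ssh_scan_summary() {
    awk '
        # Accept only kernel-originated lines that carry the rule prefix,
        # so other daemons that happen to log the same text are ignored.
        $5 == "kernel:" && /SSH Scan: / {
            src = ""
            for (i = 6; i <= NF; i++)
                if ($i ~ /^SRC=/) src = substr($i, 5)
            if (src == "") next
            if (!(src in hits)) first[src] = $3
            hits[src]++
            last[src] = $3
        }
        END { for (s in hits) print hits[s], s, first[s], last[s] }
    ' "$@" | sort -k1,1nr -k2,2
}

# Constructed sample input (documentation address ranges, shortened fields).
sample_log() {
    cat <<'EOF'
May  3 10:00:01 gw kernel: SSH Scan: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22 SYN
May  3 10:00:01 gw kernel: SSH Scan: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=22 SYN
May  3 10:00:02 gw sshd[811]: Failed password for root from 203.0.113.7 port 40100 ssh2
May  3 10:00:02 gw kernel: SSH Scan: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40114 DPT=22 SYN
May  3 10:05:40 gw kernel: SSH Scan: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=47 PROTO=TCP SPT=51822 DPT=22 SYN
EOF
}

# Stand-alone run on the sample; pass a log file name to the function instead
# to summarise real data.
sample_log | ssh_scan_summary
```

Each logged line is a connection attempt that the following DROP rule discarded, so the hit count is the number of attempts blocked per source, not the total number of attempts.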