Banning SSH attackers

Hi.

First off, my personal disclaimer: I'm not a (real) sysadmin, nor a 
security or networking or even a *nix expert, so hopefully I'm not 
missing something obvious.  I've looked through the ssh man page and 
googled, but I didn't find anything relevent.  Anyway.

People are running attacks on my server... they look like dictionary 
attacks on usernames and passwords, and I'm sure that any of you who 
look at your logs have seen the same thing on your machines.  I have 
reverse-dns checking turned on, and have everyone except select users 
blocked by denygroups and denyusers.  I end up with large daily logs 
filled with failed login attempts, user not allowed messages, and 
"possible breaking attempt" messages from reverse-dns failures (eg, more 
than 3800 entries yesterday, from 1 or 2 IPs).

What I'd like is a system configuration where I just drop all packets 
from hosts that cause one of these messages  for the next, say, 5 min.  
This way, a login failure from a legitimate user is not a catastrophic 
event for them, but greatly limits the ability of attackers to hammer on 
ssh.  It seems like this sort of setup/process should have a well-known 
name (that I am ignorant of).

Any advice, suggestions, or pointers would be appreciated!
Thanks.
--Paul