Re: SSH server under attack...

Lots of things you can do to prevent it from locking out accounts, but
there's no real way to stop him from eating your bandwidth. Do the
real users who SSH into this machine need access from outside of your
local network? If they don't, just use iptables to block or drop any
packets to that port from the outside. I believe the SSH configuration
should allow you to do this as well. If they do, then you might want
to look into using something like Snort to automate the blocking of IP
addresses that are doing something they shouldn't be.

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------