sshd break-in attempt

Nathan Vidican nvidican at wmptl.com
Tue Jan 2 05:22:59 PST 2007


We keep getting attempts from what looks like a username/password scanner 
utility to log in to our servers externally via sshd. Thankfully, we're 
not ignorant enough to leave common account names open, however it is 
annoying to say the least. We're getting things like this:

Jan  1 09:07:34 fw sshd[66547]: Invalid user staff from 208.44.210.15
Jan  1 09:07:35 fw sshd[66549]: Invalid user sales from 208.44.210.15
Jan  1 09:07:36 fw sshd[66551]: Invalid user recruit from 208.44.210.15
Jan  1 09:07:37 fw sshd[66553]: Invalid user alias from 208.44.210.15
Jan  1 09:07:38 fw sshd[66555]: Invalid user office from 208.44.210.15
Jan  1 09:07:38 fw sshd[66557]: Invalid user samba from 208.44.210.15
Jan  1 09:07:39 fw sshd[66559]: Invalid user tomcat from 208.44.210.15
Jan  1 09:07:40 fw sshd[66561]: Invalid user webadmin from 208.44.210.15
Jan  1 09:07:41 fw sshd[66563]: Invalid user spam from 208.44.210.15
Jan  1 09:07:42 fw sshd[66565]: Invalid user virus from 208.44.210.15
Jan  1 09:07:43 fw sshd[66567]: Invalid user cyrus from 208.44.210.15
Jan  1 09:07:43 fw sshd[66569]: Invalid user staff from 208.44.210.15
Jan  1 09:07:44 fw sshd[66571]: Invalid user oracle from 208.44.210.15

In our 'periodic daily' report/email (only the list goes on for hundreds of attempts). Anyhow, long story short: is there not an easy way to make sshd block or deny hosts temporarily if X number of invalid login attempts are made within a minute's time? Must I use an external wrapper to accomplish this, or can it be done with options to sshd on its own?

--
Nathan Vidican
nvidican at wmptl.com
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/
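
The check asked about above (X invalid logins from one host within a minute), sketched as an added example that is not part of the original post and is not an sshd option: a Python sliding-window count over the "Invalid user" lines. The threshold, window, year, function name and the 192.0.2.10 line are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# First five lines are from the post above; the last line is constructed.
SAMPLE_LOG = """\
Jan  1 09:07:34 fw sshd[66547]: Invalid user staff from 208.44.210.15
Jan  1 09:07:35 fw sshd[66549]: Invalid user sales from 208.44.210.15
Jan  1 09:07:36 fw sshd[66551]: Invalid user recruit from 208.44.210.15
Jan  1 09:07:37 fw sshd[66553]: Invalid user alias from 208.44.210.15
Jan  1 09:07:38 fw sshd[66555]: Invalid user office from 208.44.210.15
Jan  1 09:12:02 fw sshd[66601]: Invalid user bob from 192.0.2.10
"""

# The user name is chosen by the remote side and may itself contain
# " from <address>". The greedy (.*) plus the end anchor make the regex
# take the LAST " from ...", which is the address sshd appended.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Invalid user (?P<user>.*) from (?P<ip>[0-9a-fA-F.:]+)(?: port \d+)?$"
)

def flag_scanners(lines, threshold=5, window=timedelta(seconds=60), year=2007):
    """Return {ip: time at which it first reached `threshold` hits in `window`}."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue  # not an "Invalid user" line
        # syslog timestamps carry no year, so one is supplied (assumption)
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(when)
        while when - hits[0] > window:  # drop attempts older than the window
            hits.popleft()
        if len(hits) >= threshold and m["ip"] not in flagged:
            flagged[m["ip"]] = when
    return flagged

if __name__ == "__main__":
    for ip, when in flag_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} reached the threshold at {when:%b %d %H:%M:%S}")
```

The returned addresses are what a temporary firewall rule or deny list would be built from; the blocking step itself is outside this example.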




More information about the freebsd-questions mailing list