Detecting spam and attacks from my network
I've been having problems on my servers related to spam and ssh brute force attacks originated by my users. Do you know any tools that would help me detect these issues? I've been told that there is an iptables module which would take actions according to rules: For example, N connections to port X in 1 second and it would block that port. Does anyone know the name of that module?
The last idea that came to my mind was coding a daemon that would set PROMISCUOUS mode and monitor all network traffic. It would count the number of packets coming from the servers on my network, and if there were many connections to the outside port 22 (for example), it would block it automatically calling iptables.
Any ideas?
Thanks in Advance
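The counting logic sketched in the question, as an added example that is not part of the original post: a sliding-window counter over outbound connection records that flags a local host opening too many connections to outside port 22 and builds the iptables command a daemon could run. The record format, the 10.0.0.0/24 network, the thresholds and the function names are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict, deque

LOCAL_NET = ipaddress.ip_network("10.0.0.0/24")  # assumed range of the servers being watched

# Constructed sample of outbound TCP SYNs: (time in seconds, source, destination, dest port)
SAMPLE = [(100.0 + 0.5 * i, "10.0.0.23", f"203.0.113.{i + 1}", 22) for i in range(8)]
SAMPLE += [
    (100.0, "10.0.0.7", "198.51.100.5", 22),   # ordinary admin login
    (160.0, "10.0.0.7", "198.51.100.5", 22),   # another one, a minute later
    (101.0, "10.0.0.7", "198.51.100.9", 25),   # different port, not counted
    (100.2, "10.0.0.23", "10.0.0.7", 22),      # stays inside the network, not counted
]

def find_offenders(events, port=22, max_new=5, window=10.0):
    """Return {source: time} for local hosts that open more than max_new
    connections to outside hosts on `port` within `window` seconds."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    flagged = {}
    for ts, src, dst, dport in sorted(events):
        if dport != port or src in flagged:
            continue
        if ipaddress.ip_address(src) not in LOCAL_NET:
            continue              # not one of the watched hosts
        if ipaddress.ip_address(dst) in LOCAL_NET:
            continue              # internal traffic
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > max_new:
            flagged[src] = ts
    return flagged

def block_rule(src, port=22):
    """iptables argv that drops forwarded traffic from src to the given port.
    Returned, not executed; a daemon would pass it to subprocess.run as root."""
    return ["iptables", "-I", "FORWARD", "-s", src,
            "-p", "tcp", "--dport", str(port), "-j", "DROP"]

if __name__ == "__main__":
    for host, when in find_offenders(SAMPLE).items():
        print(f"{host} crossed the threshold at t={when}:", " ".join(block_rule(host)))
```

The FORWARD chain applies when the box running this is the gateway for the servers; on the offending server itself the same match would go in OUTPUT.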