How to block SSH port scans DYNAMICALLY?

One of my dedicated servers is being continuously port scanned for SSH. This server has FreeBSD & CPanel. Every day I get a list of 100-200 failed login attempts. All these 100-200 login requests are generated from 4-5 unique IPs with an interval of about 2-5 seconds between two login requests. The number of scans is increasing day by day. How to block SSH port scans DYNAMICALLY?

I generally block these IPs by adding them to the hosts.allow file. But every day the scanner seems to use a new set of 4-5 IPs. So, any idea how I can DYNAMICALLY block these IPs, so that I don't have to MANUALLY add them to a block list? For example, if an IP fails 3 times, I'd like to ban it for 1 hour. Is there a possibility to use the "ipfw" tool for this purpose (since it's already installed on the system)?

Thank you in advance for all your wonderful help.
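The policy asked for above (3 failed logins, 1-hour ban, enforced through ipfw) can be sketched as follows; this is an added example, not part of the original post. The 10-minute counting window, the ipfw table number, the deny rule in the comment and the sample log lines are assumptions, and the function only returns the `ipfw table` commands rather than running them.

```python
import re
from datetime import datetime, timedelta

MAX_FAILURES = 3                   # threshold from the post: 3 failed logins
BAN_TIME = timedelta(hours=1)      # ban length from the post: 1 hour
FIND_TIME = timedelta(minutes=10)  # assumption: failures must fall in this window
TABLE = 1                          # assumption: ipfw table reserved for bans, used by
# a rule such as: ipfw add 100 deny tcp from 'table(1)' to me 22

# Anchored at the end of the line: the user name is attacker-controlled, so a
# name containing " from <ip> port ..." must not decide which address is banned.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                    r".* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d?)?$")

SAMPLE = """\
Mar 10 04:00:01 host sshd[811]: Failed password for root from 203.0.113.7 port 4000 ssh2
Mar 10 04:00:04 host sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 4001 ssh2
Mar 10 04:00:05 host sshd[813]: Accepted publickey for ops from 198.51.100.20 port 5000 ssh2
Mar 10 04:00:07 host sshd[814]: Failed password for invalid user x from 198.51.100.20 port 1 ssh2 from 203.0.113.7 port 4002 ssh2
Mar 10 04:20:00 host sshd[815]: Failed password for root from 192.0.2.9 port 6000 ssh2
""".splitlines()  # constructed sample lines, documentation-range addresses

def plan_bans(lines, now, year):
    """Replay sshd log lines; return (IPs banned at `now`, ipfw commands in order)."""
    recent, banned, cmds = {}, {}, []

    def expire(t):  # lift every ban whose hour has passed by time t
        for ip in [ip for ip, until in banned.items() if until <= t]:
            del banned[ip]
            cmds.append(f"ipfw table {TABLE} delete {ip}")

    for line in lines:
        m = FAILED.match(line.rstrip("\n"))
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies it
        t = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        expire(t)
        ip = m.group(2)
        if ip in banned:
            continue
        hits = [h for h in recent.get(ip, []) if t - h <= FIND_TIME] + [t]
        recent[ip] = hits
        if len(hits) >= MAX_FAILURES:
            banned[ip] = t + BAN_TIME
            recent.pop(ip)
            cmds.append(f"ipfw table {TABLE} add {ip}")
    expire(now)
    return sorted(banned), cmds
```

In the sample, the fourth line embeds a second address in the user name; the end-anchored pattern still attributes the failure to the real source, so 198.51.100.20 is never banned.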