fail2ban is log based brute force blocker. Fail2ban will monitor the system log files and when certain configured events occur they will trigger fail2ban to block the offending host.
I have been using fail2ban to stop the flood of attacks via my ssh port. Together with setting
/etc/hosts.deny to "
ALL: ALL" and
/etc/hosts.allow to "
sshd: SPECIFIC_IP_ADDRESSES", I also change the port number in
/etc/ssh/sshd_config to something other than "
Port 22". It works well.