Hi,
I've been noticing an increasing number of rogue login attempts on my sshd. Although i've taken the usual steps of using a strong password, and disabling root login, i'd still like to beef up security for ssh and some other services. I had the idea (as i'm sure others have) of a firewall that would only pass connections from a host after receiving a specific packet- for example, a remote host sends an ICMP echo request with a pre-determined packet length before attempting to connect. After the special packet is received the host would be white-listed and connections allowed.

Does anybody know this has already been done (or a way to do it)?

Thanks!

In the Linux - Security forum there's a sticky thread dedicated to ssh protection. The other thing is called "port knocking". Look at Freshmeat or Sourceforge or use your favourite searchengine and you'll find more info.