Not sure if FC uses the inetd super server, but if it does you can block this guy through the tcp wrappers mechanism.
Are there only certain legitimate networks that should be connecting to your ssh service? If so, a really good idea is to add an entry like:
Code:
sshd : 192.168.1.0/255.255.255.0 : ALLOW
to your /etc/hosts.allow file. Then on the
last line of your /etc/hosts.allow file, add a line
(Note: You can also use the /etc/hosts.deny file for this purpose.)
If you are using the xinetd super server, then there are different ways to do the same thing. This along with disabling the direct root login will make the cracker's job tough.
Make sure that if you're going to implement this you will have direct access to the box (in case you accidently put a wrong setting in /etc/hosts.allow you want to be able to change it).