I guess it's kind of a tough one to search for because I'm coming up
short... but I'm really getting frustrated with the constant abuse our
shared hosting servers take. It seems like a fix should be so easy.
We're currently stuck with things as they are, older software, so
there is a slight limitation there but here's the basic symptom that
causes the grief.

Some IP address will connect in to a dozen or so of the IPs on the
server at about the same time and start trying passwords via POP3,
SSH and especially FTP. No one IP address is ever likely to even
connect to 2 different IP addresses at the same time, much less 6 or
more.

This clogs up POP connections, drives the server load up with FTP...

I use an ipchains rule to throttle SSH and have basically eliminated
that problem. Such a solution for POP/FTP isn't as practical.

So I would just like to be able to ban any source IP that gets an
established connection to more than, say, 5 local/destination IP
addresses.

Does anyone have any good ideas for handling that?
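
The check described in the post above, sketched as an added example that is not part of the original post: it counts, per remote IP, the distinct local IPs with an ESTABLISHED TCP connection and lists those above the threshold. It assumes IPv4 and the column layout of `netstat -tn`; the function names and the sample connection table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes IPv4 and the
# six-column layout printed by `netstat -tn`.

# Print "remote_ip count" for every remote IP that holds ESTABLISHED TCP
# connections to more than MAX distinct local IPs. Reads netstat text on stdin.
multi_target_sources() {
    max="${1:-5}"
    awk -v max="$max" '
        # Columns: Proto Recv-Q Send-Q Local-Address Foreign-Address State
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            dst = $4; sub(/:[0-9]+$/, "", dst)   # strip local port
            src = $5; sub(/:[0-9]+$/, "", src)   # strip remote port
            if (!((src, dst) in seen)) {         # count each pair once
                seen[src, dst] = 1
                targets[src]++
            }
        }
        END {
            for (ip in targets)
                if (targets[ip] > max) print ip, targets[ip]
        }
    ' | sort
}

# Constructed sample input (documentation address ranges), not real traffic.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:21           203.0.113.50:40111      ESTABLISHED
tcp        0      0 192.0.2.11:21           203.0.113.50:40112      ESTABLISHED
tcp        0      0 192.0.2.12:110          203.0.113.50:40113      ESTABLISHED
tcp        0      0 192.0.2.13:21           203.0.113.50:40114      ESTABLISHED
tcp        0      0 192.0.2.14:110          203.0.113.50:40115      ESTABLISHED
tcp        0      0 192.0.2.15:21           203.0.113.50:40116      ESTABLISHED
tcp        0      0 192.0.2.16:21           203.0.113.50:40117      SYN_RECV
tcp        0      0 192.0.2.10:110          198.51.100.7:51000      ESTABLISHED
tcp        0      0 192.0.2.10:110          198.51.100.7:51001      ESTABLISHED
tcp        0      0 192.0.2.11:21           198.51.100.7:51002      ESTABLISHED
EOF
}

# Live use would be: netstat -tn | multi_target_sources 5
sample_netstat | multi_target_sources 5
```

Repeated connections to the same local IP count once, and half-open connections are ignored, so a client polling one mailbox several times stays under the threshold.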