in reply to How do *you* secure your network with Perl?
Using the SNMP module from the UCD SNMPv3 Library, I have a process that receives traps from routers (actually forwarded traps from yet another processor). *ANY* non-management machine that causes an Authentication Failure (SNMP/Telnet/rsh/ssh) gets its port disabled. (evil grin).
Using Cisco NetFlow/OSU Flow Tools and the Cflow module, we search for scanners/DoSers/misconfigured hosts and (you guessed it...) disable them.
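A sketch of the kind of flow-based scanner search described in the post above, added here as an illustration and not the poster's code: it flags sources whose fan-out (distinct destination:port pairs per time bucket) exceeds a limit, and skips management hosts. The flow records, the addresses, the allowlist and both thresholds are constructed assumptions, and the records are embedded as a literal list instead of being read through the Cflow module.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample flow records: [ epoch seconds, src, dst, dst port, packets ].
# In production these fields would come from the flow export, not a literal list.
my @flows;
# 10.0.5.23 touches one port on 40 different hosts within 40 seconds.
push @flows, [ 1020 + $_, '10.0.5.23', "10.0.9.$_", 445, 1 ] for 1 .. 40;
# 10.0.5.40 is an ordinary client talking to three servers.
push @flows, [ 1020 + $_ * 10, '10.0.5.40', "10.0.1.$_", 443, 25 ] for 1 .. 3;
# 10.0.0.5 is a management poller with the same fan-out as the first host.
push @flows, [ 1020 + $_, '10.0.0.5', "10.0.9.$_", 161, 2 ] for 1 .. 40;

my %MANAGEMENT = map { $_ => 1 } qw(10.0.0.5);  # hypothetical allowlist
my $WINDOW     = 60;   # bucket width in seconds (assumed)
my $MAX_FANOUT = 20;   # distinct dst:port pairs tolerated per bucket (assumed)

# Returns { src => worst fan-out } for every non-exempt source over the limit.
# Fixed buckets are used for brevity; a sweep that straddles a bucket boundary
# is counted in two halves, so a sliding window is stricter.
sub find_scanners {
    my ($flows, $window, $max_fanout, $exempt) = @_;
    my (%seen, %hits);
    for my $f (@$flows) {
        my ($ts, $src, $dst, $dport) = @$f;
        next if $exempt->{$src};
        my $bucket = int($ts / $window);
        $seen{$src}{$bucket}{"$dst:$dport"} = 1;   # hash keys de-duplicate targets
    }
    for my $src (keys %seen) {
        for my $bucket (keys %{ $seen{$src} }) {
            my $fanout = keys %{ $seen{$src}{$bucket} };
            next unless $fanout > $max_fanout;
            $hits{$src} = $fanout if $fanout > ($hits{$src} // 0);
        }
    }
    return \%hits;
}

my $hits = find_scanners(\@flows, $WINDOW, $MAX_FANOUT, \%MANAGEMENT);
printf "%s exceeded fan-out limit: %d distinct targets in one %ds bucket\n",
    $_, $hits->{$_}, $WINDOW
    for sort keys %$hits;
```

The script only reports candidates; what happens to a flagged host's port is left to the surrounding process.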