Hi,
you can try to install a DoS sensor to stop this. It should trigger on the SYN flag (when starting a new session), filtered by port, when the rate of login attempts exceeds a given limit. Like 10 logins per minute, per source IP address.
Additionally, consider this: a DoS signature only blocks a running attack. A triggered IPS signature can additionally quarantine the source IP for a certain period of time. IPS consumes more ressources than DoS policy but in your case it would trigger instantly, and then block the source IP for say 20 minutes. So you' ll get at most 72 attacks logged per day.
Here' s an example blocking/quarantining ssh login attacks:
http://support.fortinet.com/forum/tm.asp?m=81338&p=1&tmode=1&smode=1
showing the rate signature in detailed screenshots.
Ede
"Kernel panic: Aiee, killing interrupt handler!"