
fail2ban?

miller's picture

Try this:

iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP

Looks pretty nice to me... and should take considerably fewer resources than fail2ban (wink wink *cough* Bofu)

The above are a few iptables rules that should do a pretty good job without sacking system resources...

Just food for thought.
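
Added example, not part of the post above: a simplified Python model of how the two `recent` rules treat state-NEW packets to port 22, showing where the DROP starts and when a source is released. It assumes the `recent` match's default of 20 stored timestamps per source, does not model `--rttl`, and uses constructed sample traffic with documentation addresses.

```python
from collections import defaultdict, deque

SECONDS = 60        # --seconds 60
HITCOUNT = 8        # --hitcount 8
PKT_LIST_TOT = 20   # assumed default ip_pkt_list_tot (timestamps kept per source)


def simulate(events):
    """events: time-ordered (time_s, src_ip) pairs, one per state-NEW packet to tcp/22.
    Returns [(time_s, src_ip, verdict)]; 'PASS' means the packet falls through
    to whatever rules follow in INPUT, 'DROP' means rule 2 dropped it."""
    stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))
    results = []
    for t, src in events:
        # Rule 1 (--set): record this packet's arrival time in list "SSH".
        stamps[src].append(t)
        # Rule 2 (--update --seconds 60 --hitcount 8): count stamps in the window.
        recent = sum(1 for s in stamps[src] if t - s <= SECONDS)
        if recent >= HITCOUNT:
            # A matching --update stamps the entry again, so a source that keeps
            # retrying keeps refreshing its own block.
            stamps[src].append(t)
            results.append((t, src, "DROP"))
        else:
            results.append((t, src, "PASS"))
    return results


def verdicts_for(results, src):
    """Verdicts for one source address, in arrival order."""
    return [v for _, s, v in results if s == src]


# Constructed sample traffic, not captured data.
SAMPLE = sorted(
    [(t, "203.0.113.5") for t in range(12)]        # 12 attempts, one per second
    + [(100, "203.0.113.5")]                       # same source after a quiet period
    + [(3, "198.51.100.7"), (9, "198.51.100.7")]   # an unrelated client
)

if __name__ == "__main__":
    for t, src, verdict in simulate(SAMPLE):
        print(f"{t:>4}s  {src:<14} {verdict}")
```

The rules count new connections, not failed logins, so a legitimate client that opens eight or more SSH connections within a minute (scripted scp or rsync runs, for example) is dropped in the same way.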