Very effective. My Mac OS X Servers have been cracked a couple times because of this. I’ve since closed port 22 to all traffic from outside our LAN. Legit users who need to access the server either have to be on the local network or tunnel in through a VPN. How you would do this would depend on your platform, network setup, and user needs. You can look at your secure.log and easily see if you are under attack. My logs from a week or so prior to the successful crack read like a dictionary of names and password combos. Make sure your root account is disabled, and use something other than admin as your user name. If you can, enforce secure password creation – like a min of 8 characters including at least 1 digit and 1 letter.