There’s a great little application called “denyhosts” which will automatically add suspected brute forcers to your DENY list.

URL        : http://denyhosts.sourceforge.net/
License    : GPLv2
Description: DenyHosts is a Python script that analyzes the sshd server log
           : messages to determine which hosts are attempting to hack into your
           : system. It also determines what user accounts are being targeted.
           : It keeps track of the frequency of attempts from each host and,
           : upon discovering a repeated attack host, updates the
           : /etc/hosts.deny file to prevent future break-in attempts from that
           : host.  Email reports can be sent to a system admin.

The Windows SAM file which is a database stored as a registry file stores users’ passwords in a hashed format.

The video can be found here and the BackTrack live CD can be downloaded here.