one of the things you can do (and I did) is to mess with brute forcers by sending a malformed response packet to the password attempt. Basically my goal was to crash their ssh client using a buffer overflow exploit. So on my honeypot when I got an SSH attempt I sent back a response packet that I morphed each time in an attempt to genetically engineer a killer packet. In my case the clients always seemed to make 5 requests in a row. So I used the time between the previous request and the current request as a fitness function for my genetic mutations. (longer delays was a better mutation). I eventually got them to stop after one request with a response that was a bit over 9K in length. After that worked I got a giant DDoS attack sent my way so I figured it was 'message recieved' :-). These days I just put ssh on a different port and fail2ban IPs (simpler and doesn't poke the troll :-)