It helps but you can't always assume unwanted logins are going to be brute force attacks. My biggest source of paranoia is a stolen/lost laptop with a saved SSH password/key. I prefer ACLs to port knocking. Depending how important a machine is there's no good reason to allow the entire Internet in. If it means someone has to drive to the office or do some SSH hoping that's a small price to pay.

In most cases I would say yes, however, on the off chance the person doing the attack has an army of bots at their disposal it's not going to do that much good. The reason for this is bots can all have separate IP addresses in totally different IP ranges. I am not saying, "nothing is secure" but merely "read your logs".

This whole post got me thinking about ways to sniff out proxies. I am usually behind on this kind of thing, but bare with me please :).

Using PHP and Javascript I think you could weed out the majority of proxy users; avoid IP spoofing, protect sensitive places a little better. Use php to get the users IP address. Find location of that IP. Find timezone/time of that ip. Have a range set up to catch errors. Now use JavaScript to get the time.

Javascript will return the time specific to the system. If the two times do not match up then you possibly have someone using a proxy.

There are some issues with this type of system, traveling business man, but it could be useful at some point.