Yeah, I have thought of that a few times, even thought of making the Solaris box do that (would need to get a second NIC, but they can be had for cheap on eBay). I already have that system hardened, as well as have it look to the world like it is a Windows system, so the automated scripts have no idea how to attack it properly, and to top it off, I wrote up some custom firewall and authentication monitoring apps which dynamically ban addresses, subnets, and ISPs as more and more failed connections/scans/logins are detected from their networks (it does a few whois lookups to determine the ISP and the IP range assigned to that ISP so that simply grabbing a new IP will not allow them to continue an attack attempt, the only thing it does not protect against is DDoS attack, which is next to impossible to do from the endpoint anyway).