It’s inevitable: if your computer is Internet-connected you will have people coming a-knockin’. Fortunately Linux users are more savvy than to think any keep-alive ping or other piece of Internet flotsam is a hack attempt. Even so, it’s simply a matter of time before your router’s lights flash heavily and /var/log/auth.log (/var/log/secure on RedHat) fills with chilling messages like these:
$ tail /var/log/auth.log
Aug 1 20:23:41 zugzug sshd[15577]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.218.125.178
Aug 1 20:23:44 zugzug sshd[15577]: Failed password for invalid user edward from 210.48.230.5 port 43812 ssh2
Aug 1 20:23:46 zugzug sshd[15581]: Invalid user erik from 210.48.230.5
Aug 1 20:23:46 zugzug sshd[15581]: (pam_unix) check pass; user unknown
Aug 1 20:23:46 zugzug sshd[15581]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.218.125.178
Aug 1 20:23:49 zugzug sshd[15581]: Failed password for invalid user erik from 210.48.230.5 port 44088 ssh2
Aug 1 20:23:51 zugzug sshd[15585]: Invalid user eduardo from 210.48.230.5
Aug 1 20:23:51 zugzug sshd[15585]: (pam_unix) check pass; user unknown
Aug 1 20:23:51 zugzug sshd[15585]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.218.125.178
Aug 1 20:23:53 zugzug sshd[15585]: Failed password for invalid user eduardo from 210.48.230.5 port 44346 ssh2
http://www.linuxlinks.com/portal/news/article.php?story=20070802133459671