From the second article J65nko cited:
Quote:
This equates to roughly one attack and approximately 300 login attempts per day, on average. Some attackers are very serious about performing attacks, executing hundreds of login attempts in a session.
|
That describes "low average to average" activity these days in my experience, although except for one box which sits outside my firewall, I'm blissfully unaware of the ssh scanners now. Having more readable auth.log's is a nice side benefit of automatically blocking them at the firewall.