A time to reconsider your SSH

Attacks on SSH passwords (brute-force attacks) seem to be occurring frequently.

Guess what? SSH again!
While I'm aware that ISC readers probably don't have to be told, let's nevertheless try again to get the word out: If you are running any SSH server open to the Internet, and your usernames and passwords aren't at least 8 characters or so, your box is either owned by now, or about to be. It doesn't matter one bit what sort of device it is - those who run these scans have proven to be equally apt at taking over a Cisco router as they are at subverting an iMac.

  • Filter (by IP) who can get to your SSH. Firewalls rule! Who can't get to your SSH can't brute-force your SSH.
  • Reconfigure your SSH to only use password-protected SSH keys and not permit plain passwords anymore
  • Use hard to guess usernames. Yes, usernames.
  • Move your SSH off port 22 to some obscure corner of the port space
  • Scan your own network to find out where you have SSH running before others do. You might be surprised ...
  • Use "fail2ban", though this doesn't help a lot anymore against the distributed scans we see lately
  • Educate your users to use good passwords. Yes, even those users who have proven to be immune to enlightenment.
  • Watch your logs. It's a great way to learn. And knowing what the "daily noise" looks like is imperative to spot "oddities"


Update: http://wiki.centos.org/HowTos/Network/SecuringSSH contains a decent list of tips on how to secure sshd.

Restricting by IP at the firewall stage is the strongest measure (lol).
After that, the measures are: put TCP Wrapper in place, raise password strength, and keep an eye on the system logs.

-------------------
Right... so where is it? Who is permitting root login with a plaintext password? (wry smile)
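As an added example (not from the ISC diary or from this post), here is a shell script that audits an sshd_config for the weak settings the list above and the root-login remark are about: password logins, root login with a password, the default port, too many guesses per connection, and no restriction on which accounts may log in at all. The two configurations are constructed samples; the directive names are real OpenSSH options, and the values assumed for missing directives are OpenSSH's documented defaults (Port 22, PasswordAuthentication yes, PermitRootLogin prohibit-password, MaxAuthTries 6). Match blocks and Include files are not handled.

```bash
#!/usr/bin/env bash
# Added example: audit an sshd_config for the weak settings the post warns about.
# Not part of the ISC diary or the blog post. Both configs below are constructed
# samples; the directive names are real OpenSSH sshd_config options.

# Constructed sample: the kind of sshd_config that gets brute-forced.
WEAK_CONFIG='Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
MaxAuthTries 6'

# Constructed sample: the same server after applying the advice above
# (key-only auth, no root login, moved off port 22, fewer tries per
# connection, only members of one admin group allowed in).
HARDENED_CONFIG='Port 2022
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
AllowGroups sshusers'

# Print the effective value of a directive. OpenSSH uses the FIRST match for
# a directive, so a later duplicate must not override it. Directive names are
# case-insensitive; comments and blank lines are ignored. Match blocks and
# Include files are out of scope for this example.
#   $1 = config text, $2 = directive name
sshd_effective() {
    printf '%s\n' "$1" | awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == key   { print $2; exit }'
}

# Print one line per weak setting found in the config text given as $1.
# Missing directives are judged by OpenSSH defaults: Port 22,
# PasswordAuthentication yes, PermitRootLogin prohibit-password, MaxAuthTries 6.
audit_sshd_config() {
    cfg="$1"
    port=$(sshd_effective "$cfg" Port);                    : "${port:=22}"
    pw=$(sshd_effective "$cfg" PasswordAuthentication);    : "${pw:=yes}"
    root=$(sshd_effective "$cfg" PermitRootLogin);         : "${root:=prohibit-password}"
    tries=$(sshd_effective "$cfg" MaxAuthTries);           : "${tries:=6}"
    allow=$(sshd_effective "$cfg" AllowGroups)
    [ -n "$allow" ] || allow=$(sshd_effective "$cfg" AllowUsers)

    [ "$port" = 22 ]   && echo "Port 22: default port, the first thing mass scanners try"
    [ "$pw" = yes ]    && echo "PasswordAuthentication yes: passwords can be brute-forced; use keys"
    [ "$root" = yes ]  && echo "PermitRootLogin yes: root may log in with a password"
    [ "$tries" -gt 3 ] && echo "MaxAuthTries $tries: too many guesses per connection"
    [ -z "$allow" ]    && echo "No AllowGroups/AllowUsers: every local account is a login target"
    return 0
}

# Number of findings, as a plain integer (convenient for scripting/alerting).
count_findings() {
    audit_sshd_config "$1" | wc -l | tr -d ' '
}

echo "== weak config =="
audit_sshd_config "$WEAK_CONFIG"
echo "== hardened config =="
audit_sshd_config "$HARDENED_CONFIG"
echo "weak: $(count_findings "$WEAK_CONFIG") finding(s), hardened: $(count_findings "$HARDENED_CONFIG")"
```

Run it against a real file with `audit_sshd_config "$(cat /etc/ssh/sshd_config)"`; the first-match rule in `sshd_effective` matters because a `PasswordAuthentication no` appended at the bottom of a file that already says `yes` higher up changes nothing, which is a common way to believe a server is hardened when it is not.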
