Here is an interesting tidbit google coughed up:

        http://dev.gentoo.org/~krispykringle/sshnotes.txt

The gist seems to be that there exists a binary toolkit for linux
boxes that does a syn-map of candidate boxes checking for sshd and
then attacks some predefined accounts.  An error string in one of the
programs is claimed to be Romanian, so this probably means our friends
in the gov are involved to some extent.  Idle thought: I wonder if
this has something to do with the cybersecurity czar Amit Yoran
quitting in disgust a few days ago.

   http://www.theregister.co.uk/2004/10/04/cybersecurity_czar_quits/

-wolfgang
-- 
Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/