If you are a down in the trenches type of admin, this should not be much of a surprise to you.
If you have management that doesn't understand that the internet can be a bad, bad, place, maybe this could help explain things.
I want to share an intrusion attempt from a single IP address for anyone who does not realize what is happening out there. This is a server that will accept an authentication request, but does not accept any (it's just not configured), and after the 5th failed attempt flags and notifies.
The short version is below, the long version, all 922, attempts is in the attachment. The attacker assumes first name accounts and tries 2 or 3 passwords per name (except for 'root' or administrator accounts).
Gives me pause to think about user naming schemes, that's for sure.
===============================================
2014-05-26...