Christian Seifert has investigated a series of on-going attempts to login to Unix servers on the Internet, and he has publish the report entitled Analyzing malicious SSH login attempts at Security Focus.
This caught my eye because I have recently seen evidence of this that I do not ordinarily see. Not only that but since I was on vacation, the person keeping an eye on things saw it too. There is nothing earth shattering about the techniques described in the report, but the analysis and narrative of the investigation was very interesting to me as a systems administrator.
If you are not going to read the whole article over on SF, at least ask yourself this:
"Is my password in the following list?"
123456
Password
Admin
Test
111111
12345
administrator
Linux
Root
test123
1234
123
Mysql
Apache
Master
If your password is there, you should be concerned, as these are the top 15 passwords used in malicious login attempts.