Security Basics mailing list archives

Re: Is this normal?


From: Adam Jones <ajones1 () gmail com>
Date: Thu, 21 Oct 2004 21:51:58 -0500

More than likely this is just some script kiddie behavior. If you are
using safe passwords (you do use software to attempt to crack/guess
those passwords yourself, right?) the only worry is that some exploit
for sshd or another exposed program will come up before you patch it.
Consider your actual requirements for using sshd as this is a home
system where you could just walk over and log into the box directly.

If sshd is required be sure to block ports on your boxes behind this
one. Another relatively decent home network security tip is to turn
off systems that you are not using. Most of them do not need to be on,
and can be turned on overnight to apply updates as needed.

As for your other questions:

This is relatively normal methodology for a script kiddie login
attempt. If you were able to look at the usernames and passwords used,
they would probably consist of a lot of root:$easytoguesspassword
entries. Sshd attacks are fairly uncommon in the Windows-ubiquitous
world of home networking.

You should not really be concerned. As long as you are using strong
passwords and keeping your software up to date everything should be
golden. Someone capable of more than just mindless login attempts
might be able to do some damage, but that is not what you are seeing
here.

Like I said earlier, seriously consider disabling sshd, or at the least
limiting access from specific ranges. Ensure that you are not able to
remotely log in as root. Use software like John the Ripper to test your
passwords, and change them often. I don't know a whole lot about
Linux, so I cannot give you any hardening/any other advice. Hope this
helps though.

-Adam
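
Added example (not part of Adam's message or the original thread): one way to check whether sshd log entries match the pattern described above, many failed logins from one source, mostly for root or nonexistent accounts. It assumes OpenSSH's usual "Failed password for ..." syslog lines; the sample log, addresses and the threshold of 5 are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the OpenSSH syslog style (not from the original post).
SAMPLE_LOG = """\
Oct 21 03:12:01 home sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct 21 03:12:03 home sshd[2103]: Failed password for root from 203.0.113.7 port 40115 ssh2
Oct 21 03:12:05 home sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 40119 ssh2
Oct 21 03:12:08 home sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 40123 ssh2
Oct 21 03:12:10 home sshd[2109]: Failed password for root from 203.0.113.7 port 40127 ssh2
Oct 21 09:30:44 home sshd[2250]: Failed password for alice from 192.0.2.10 port 51514 ssh2
Oct 21 09:30:52 home sshd[2250]: Accepted password for alice from 192.0.2.10 port 51514 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from (?P<ip>\S+) port \d+")

def summarize(log_text, threshold=5):
    """Per-source login statistics; a source is flagged at >= threshold failures."""
    fails = defaultdict(Counter)  # source ip -> Counter of usernames tried
    invalid = Counter()           # source ip -> attempts on nonexistent accounts
    success = set()               # source ips with at least one accepted login
    for line in log_text.splitlines():
        if m := FAILED.search(line):
            fails[m["ip"]][m["user"]] += 1
            if m["invalid"]:
                invalid[m["ip"]] += 1
        elif m := ACCEPTED.search(line):
            success.add(m["ip"])
    report = {}
    for ip, users in fails.items():
        total = sum(users.values())
        report[ip] = {
            "failures": total,
            "usernames": dict(users),
            "root_attempts": users.get("root", 0),
            "invalid_user_attempts": invalid[ip],
            "flagged": total >= threshold,
            # A flagged source that also logged in is the case worth investigating.
            "had_success": ip in success,
        }
    return report

if __name__ == "__main__":
    for ip, row in summarize(SAMPLE_LOG).items():
        print(ip, row)
```

A flagged source with no accepted login is the background noise the message describes; a flagged source that also has an accepted login is the one to look into.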

