sshd brake-in attempts

[Emil Popov <emo () ds primasoft bg>]

Hi'ya guys,

I have been seeing some strange entries in my authlog
and I'm pretty sure these are ssh brake-in attempts.
As far as i understand the issue, those attempts did not
result in a system compromise, but anyway I really need
your advice on this.

Facts:
ds% uname -a
OpenBSD ds 2.8 GENERIC#399 i386

ds% sshd -v
sshd: illegal option -- v
sshd version OpenSSH_2.3.0
BTW. only protocol version 2 is allowed.

Log Entries:
sshd[10858]: Connection from 211.218.166.200 port 2273
sshd[10858]: Did not receive ident string from 211.218.166.200.
sshd[12075]: Connection from 211.99.196.117 port 2520
sshd[12075]: Did not receive ident string from 211.99.196.117.
sshd[14033]: Connection from 212.46.97.60 port 4309
sshd[14033]: Did not receive ident string from 212.46.97.60.

And, there is no "Enabling compatibility mode for version 2" message
which is generated whenever I log in, so those clients seem to be trying
to login with protocol ver. 1.
There is one more strange thing, that i started seeng roughly when
the sshd fuss came out:
sshd[25774]: Received disconnect: 11: All open channels closed
Would someone explain what exactly this message means?

Oh, and BTW. those IP's are outside my country and no trusted
user has ever connected from them.

Thants about all I have to say :)
Any thoughts/flames/suggestions/ideas ?

P.S. Please don't go into "Reinstalling everything is your only way out"
It may be so, but please back your self up

Thanks in advance
Emo

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com