NOTE: Updated 11/15/2016
There's been a sea change in the attack vectors coming into the testing server, and some interesting characters.
For approximately two weeks, we've been subject to "IP Agile" attacks. The term "IP Agile" is something borrowed from a piece of high end R&D lab equipment, a Fluke frequency-agile signal generator. The "IP Agile" attackers use numerous IP addresses that repeat only occasionally over a span of hours, evading tools like fail2ban. There also seems to be a specific cycle through countries, China, Brazil, Japan, EU (UK or France), Taiwan, then repeating, though I don't yet have enough data.
That attack vector seems to have gone back to the normal one, which is fast hitting the secure shell hoping to evade log analysis applications. The hit rate averages 3 seconds per, and they get five tries.
One of the interesting characters from yesterday was from an IP address identified as belonging to the US DOD. Please don't tell me that attack bots are running out of DOD computers somewhere. I'm not too worried though, as I did participate in that Shredder Challenge and commented on it. But I didn't back-hack too far there, just in case…