I just found out that one of my NIPS reports seems pretty clear regarding the daily top alerts:
For those who forgot to secure their (Open)SSH server a lil bit, time's running...
What about that IP address 220.127.116.11? Well, it is the reverse DNS pointer of http://argi9cure.com/.
Just have a look at it: CentOS default webpage! :( And above all, Apache 2.2.3, most likely obsolete.
Quite interesting, what (McAfee) TrustedSource says about it:
So, not only are massive SSH session attempts being launched from that server, but its mail volume (as a sender) has also drastically changed, and got 500% bigger!
Another compromised server being used to stealthily spam, uh?
Furthermore, this IP address has also been reported in DShield's stats:
This once again shows the relevance of IP reputation-based filtering.
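To illustrate the reputation point, here is an added example (not part of the original post) showing that a failure-count rule only fires once a source has made enough noise, while a reputation lookup flags a listed source on its first attempt. The log lines, the reputation set, the threshold and the function names are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sshd log lines (documentation-range addresses, not real hosts).
SAMPLE_LOG = """\
Jan 10 03:12:01 gw sshd[411]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:03 gw sshd[412]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jan 10 03:12:05 gw sshd[413]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Jan 10 03:14:40 gw sshd[420]: Failed password for root from 198.51.100.23 port 51002 ssh2
Jan 10 03:15:10 gw sshd[421]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Jan 10 03:16:02 gw sshd[425]: Failed password for alice from 192.0.2.10 port 50030 ssh2
"""

# Constructed stand-in for an exported reputation feed (a DShield-style blocklist).
BAD_REPUTATION = {"198.51.100.23"}

# Matches failed password attempts and captures the source IPv4 address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) "
)

def failed_by_source(log_text):
    """Count failed SSH password attempts per source IP."""
    return Counter(m.group(1) for m in FAILED.finditer(log_text))

def verdicts(log_text, reputation, threshold=3):
    """Return {ip: reason} for every source that should be blocked."""
    out = {}
    for ip, count in failed_by_source(log_text).items():
        if ip in reputation:
            # Listed source: block regardless of how few attempts were seen.
            out[ip] = "reputation"
        elif count >= threshold:
            # Unlisted source: block only once it crosses the local threshold.
            out[ip] = "threshold"
    return out

if __name__ == "__main__":
    for ip, reason in sorted(verdicts(SAMPLE_LOG, BAD_REPUTATION).items()):
        print(ip, reason)
```

The single attempt from the listed address would slip under the threshold rule alone; the user who mistyped a password once is left untouched by both rules.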