Yes, these logs have been "sanitized" for my and everyone elses protection.

Our network is doing IP Masquerading and our firewalls would block and log any "log martians", "source routed" or any other type of invalid / impossible address coming in on eth0

Thanks for your advice and your well thought out reply.

Moving ssh to a less common port is a good idea as well

You mentioned keeping Openssh up to date. All our servers are running Openssh 3.4p1
complete with "privledge separation" and all.

thanks again