Like everyone else who has ever run any sort of public facing sever in the last 10 years, I also get a disproportionate number of scripted brute force attacks that come from China. From what I understand, it's almost considered a hobby over there. Mr. Joe Citizen works for big-state-sponsored-foreign-run-computer-company, and at the end of the day before he leaves he sets his desktop computer to nmap and brute force as many addresses as possible all night. What they do when they finally get one, well...I'm not really sure, never had one get through. 99.99% of the attacks are generic brute force attacks that use generic usernames that no sane sysadmin would ever allow on their system anyway (admin, ftp, phpmyadmin, faculty, staff, etc.), and most of the scripts they use are almost always run with their default configuration, so basic security precautions stop them cold.