On July 9th alone, there were attempts to log into my system via ssh as root from over 240 different IP addresses. Most addresses appeared to make only one or two attempts and then give up, never to be seen again. Of course none of them succeeded.
I find this interesting, because it is the opposite of what I usually see. I often see individual computers make several hundred attempts to get in as root. Even more often I'll see individual computers go through a very long list of common names to try to get in as a non-root user. But these systems were only trying root.
I'm not even sure how to address this issue. I have approximately no fear of them getting in as root - that is disabled on this system anyways. Even if they cracked the password, they still wouldn't be allowed in as root. I supposed I could just ignore it, since this uses a trivial amount of bandwidth, with an attempt only around every 20 minutes. I have the logs of which system tried when and how.
When the "usual" attack happens - one system, many attempts - I contact the ISP immediately with the logs. But if I wanted to contact the ISP for this, I could be trying for dozens (or even hundreds) of ISPs, likely in many foreign countries.