Analyzing SSH Brute Force Attempts

I've been using SSH Guard for years to block brute force SSH login attempts against my home network's gateway and have been logging connection attempts to a database. 1150 unique hosts have been tracked (since the last time the database was cleared).

Informal analysis in the past has shown some pretty ridiculous traffic, whole netblocks have systematically attempted logins. Moving to the next sequential IP address when the current one was blocked (not even switching randomly to a new one).

Recent Hosts

Hosts that have been recently seen attempting to brute force SSH logins.
LocationIPCount
🇨🇳 China, Nanchang 218.65.30.30 Revisit
🇨🇳 China, Hefei 58.242.83.8 Revisit
🇨🇳 China, Nanchang 182.100.67.40 Revisit
🇨🇳 China, Jinan 182.44.203.232 Revisit
🇨🇳 China, Nanchang 218.87.109.156 Revisit
🇨🇳 China, Nanjing 58.218.198.172 Revisit
🇨🇳 China, Nanchang 218.65.30.124 Revisit
🇨🇳 China, Beijing 222.44.63.11 Revisit
🇨🇳 China, Nanjing 58.218.198.171 Revisit
🇨🇳 China, Nanjing 112.85.42.233 Revisit

Attempts over Time