Hi Don,
IDs. I believe its an automated bot. If one or more of those names responded then they may be back with a password crack attempt. They will be back!!!
connected to the 'Net. My real question is whether this indicates my defenses are working, or should I be looking elsewhere for that The question if your defense is working is hard to say. Your log only shows that someone was trying to connect to you system. For example: If your are protecting that service from the outside, guess then your defense is not working.
Changing sshd to another port doesn't really give security. A portscan will show the open ports. You should STOP all services not needed if your on the internet. If you (or anyone) don't need to work over the net on your machine then you can stop sshd. An intrusion detection system like AIDE helps to figure out if people gained access to your system. Ulf -- Real Users find the one combination of bizarre input values that shuts down the system for days.