[Intrusions] brute force attack - tcp wrappers and iptables not helping?

[Susanne Hemker]

Hi everybody,

somebody is trying to break into one of out workstations. 
The /var/log/secure contains lots of:

 Failed password for invalid user $name  from ::ffff:$IP  port $port
ssh2

from different IPs, ports and usernames.

Since the tcp wrappers and the iptables should not allow ssh login from

any host outside our lab, I am wondering how he/she even got to the 
login. Any suggestions?

Thanks,

Susanne