[Dshield] SSH bruteforce with logname "lp"

[Shaun]

Hi all,

I'm seeing a large surge in SSH attempts this morning. Large, as in,
more than 10% of the hosts I've blocked for bruteforcing all year are
from today.

They're coming from a variety of different sources (mostly APNIC, no
surprise), but all are using "lp" as their attempted login. Haven't seen
this particular pattern before. Curious whether anyone else is getting
the same thing, or if this is some sort of targeted attack.

-s