Most probably some virus or other which has claimed another brain-dead
victim (known as Windows users). The IP is most likely false. If you're
that concerned, switch off ssh.
Since it's a TCP connection to ssh, the IPs will be real.
These are automated attacks coming from all around as Mike said, there
is no "person". They won't be stopping any time soon and will probably
only increase in sophistication.
Best plan is to get your friend to move his ssh port off 22. That will
really make it difficult to attack him, since they no longer have the
free information that 22 is the port and ssh is the protocol.
Edit /etc/ssh/sshd_config and change
Port 22
to some other number, then
service sshd restart
update any holes in firewalls accordingly: you can do it by hand with
(eg, for port 5678)
iptables -I INPUT -p tcp --dport 5678 -j ACCEPT
service iptables save
-Andy
