yeah he's trying to login via SSH, trying random passwords. who knows how he got the IP, probably just random, using port scanning. I can't easily change my IP; it's dynamic but it rarely is changed. anyway, i don't see how it matters, if i catch something like that in my log I just want to be able block that IP totally. Again, I feel there must be a way to do that at the router.