It might be prudent to mention that all of the connections of this type are null-routed via an iptables drop rule after three failed attempts via a "home grown" daemon similar to DenyHosts. All traffic from the host is DENIED for 120 days unless we manually override it.
I do appreciate the cautionary "better have a look around just to be sure" comments, Wade.