Rather than just hope that they don't find a) a valid user and b) a valid password, I've got around to installing DenyHosts, which notices such things and sticks their IP addresses into a 'don't even bother' file for the box to ignore future requests from.
One feature is that you can share this info with other users, and get a list of their attackers too... which I haven't enabled yet.
Anyone else running this? Do you enable synchronization mode?
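
The kind of check described in the post, as an added sketch that is not part of the original post and is not DenyHosts's own code: it counts failed sshd logins per source address and formats entries for a TCP-wrappers style deny file. The log lines, the threshold of 3, the reset-on-success behaviour and the function names are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample sshd log lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
Jan 10 03:12:01 box sshd[2101]: Invalid user admin from 203.0.113.7
Jan 10 03:12:03 box sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Jan 10 03:12:06 box sshd[2104]: Failed password for root from 203.0.113.7 port 40130 ssh2
Jan 10 03:12:09 box sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 40141 ssh2
Jan 10 08:30:15 box sshd[3001]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Jan 10 08:30:22 box sshd[3001]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
"""

# Anchored to the end of the line with a greedy user field, so a user name that
# itself contains " from <ip> port ..." cannot make the parser record another address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2\s*$")
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted \S+ for .* from (\S+) port \d+ ssh2\s*$")

def find_offenders(log_text, threshold=3, allowlist=()):
    """Return sorted IPs with at least `threshold` failed logins.

    A successful login from an address clears its count (this sketch's choice),
    and allowlisted addresses are never returned, so an admin who mistypes a
    password is not locked out.
    """
    failures = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(1)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            failures.pop(m.group(1), None)
    return sorted(ip for ip, n in failures.items()
                  if n >= threshold and ip not in allowlist)

def deny_lines(ips, existing=""):
    """Format 'sshd: <ip>' deny-file entries, skipping ones already present."""
    have = set(existing.splitlines())
    return [f"sshd: {ip}" for ip in ips if f"sshd: {ip}" not in have]

if __name__ == "__main__":
    for entry in deny_lines(find_offenders(SAMPLE_LOG)):
        print(entry)
```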