If you have logwatch installed (or you read auth.log file) you can find lots of entries mentioning login attempts/attacks.
Something like:
Nov 20[......]
Tag: iptables
Iptables allows a system administrator to configure the tables provided by the Linux kernel firewall.