You could also set up host.allow and host.deny, if you know what addresses you will be connecting from.
There was a peak in this sort of scan around 1 feb. We also saw this in Norway. But it's normal to see this kind of scans from time to time. Take a look at ISC! http://isc.sans.org/port_details.php?port=22
