I just got XFinity and it alerted me to 4 attempts on my OpenWRT router; but only one of them appeared in the logs on a Linux device behind it.
sshd[4227]: Bad protocol version identification '\003' from 45.141.84.87 port 63920.
I have secured the device in question with a public / private keypair, but I just wondered if anyone knew what the log file entry might mean, or why Xfinity caught 4 of them, but I only saw one.