Post #3, 29th May 2022, by frcc

In addition to jmccue's comment above:

Take a look at OpenBSD's Pf. for configuration help and operational info.

In the past I have provisioned Pf to "Block" all IP addresses that were not in the country I was located in.
If your system does not need to be exposed to the internet in its entirety then it would be one of my first steps. This may be accomplished by creating a table to hold all the IP addresses that your country contains, at least up until the creation of that table. In that way you can configure Pf to accept all traffic that comes from your country but not others. It makes the table smaller, although Pf handles that configuration without any noticeable speed loss. This of course assumes that your system does need to "face the public on the internet", i.e. static IP. This will reduce the amount of probing traffic to your system right off the bat.

I always configure SSHD daemon with another port other than 22, although this just slows attackers in the process of determining which ports your system is exposed to that faces the internet. This is not an end all in itself. Security is an in depth process.

SSHD is too valuable of an asset to disable at least in my opinion. (Or you can disable it until needed)

Take a look at software that you might have installed that could open your system to the internet in an unprotected manner or software that might not be in the OpenBSD's packages, or possibly a package in the collection since the developers cannot vet all in the manner that the OS is.

Is your system available to others?
Do you have misbehaving users?
Do you monitor and/or restrict their usage?

Does your system face the internet? i.e. Are you running a server or simply browsing and emailing from a desktop or laptop?

Review your Logs!!!! Many answers lurk there!!!

Did you configure or use a software package that might behave in a manner that is looking like an attack?

You may also review your IP traffic, in real time or historically, with your system's tools or add-on software from the package repository...

Have you installed and/or configured and used a virus scanner? Are you running a mail server? etc.

I ran several internet-facing servers for years without an incident running OpenBSD httpd, and also simply configured laptops and/or desktops without an intruder problem. Most if not all of my issues were operator inflicted, i.e. me. ....

Last edited by frcc; 29th May 2022 at 01:02 PM. Reason: clarify and expand
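As an added illustration of the approach frcc describes (not frcc's own configuration), here is a minimal OpenBSD pf.conf that keeps a country allow-list in a table, blocks and logs everything else inbound, and only opens a non-default SSH port to addresses in that table. The interface name em0, the port 2222, the table name and the file path /etc/pf/homecountry.txt are assumptions for the example; the address file itself is not shown and would be generated from whatever country-to-prefix source you trust.

```pf
# Example pf.conf (added illustration, not from the original post)
ext_if   = "em0"      # assumed external interface
ssh_port = "2222"     # assumed non-default sshd port; must match Port in sshd_config

# Persistent table loaded from a file of CIDR prefixes for your own country.
# "persist" keeps the table alive even when no rule currently references it,
# so it can be refreshed with pfctl without reloading the whole ruleset.
table <homecountry> persist file "/etc/pf/homecountry.txt"

set skip on lo

# Default deny inbound; log the blocks so the probing traffic shows up in pflog0
# (frcc's "review your logs" point).
block return log all

# Let the host itself talk out.
pass out quick on $ext_if keep state

# Public web service, reachable only from addresses in the country table.
pass in on $ext_if proto tcp from <homecountry> to ($ext_if) port { 80 443 } keep state

# SSH on the alternate port, again only from the country table, logged so
# every accepted connection is recorded.
pass in log on $ext_if proto tcp from <homecountry> to ($ext_if) port $ssh_port keep state
```

Check the syntax before loading with `pfctl -nf /etc/pf.conf`, load it with `pfctl -f /etc/pf.conf`, and refresh the table after updating the address file with `pfctl -t homecountry -T replace -f /etc/pf/homecountry.txt`. The matching sshd change is a single `Port 2222` line in /etc/ssh/sshd_config followed by `rcctl restart sshd`; as frcc notes, moving the port only reduces noise, and the country table is what actually narrows who can reach the daemon. Blocked probes can be watched with `tcpdump -n -e -ttt -i pflog0`.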