Am I the only one who's almost constantly being hit by login scans
(usually from China or weird places like Kazakhstan - sorry Oleg) on
their Internet facing Telnet/SSH ports?
It's not like they get in or anything, my guess is that this is just
part of a larger scan so if you guys are getting hit as well, I won't
worry that I'm being targeted :)
Pretty much if it's connected to the internet, it's getting
dictionary-scanned on any open telnet and ssh ports. The scanners have
gotten a little smarter in the last 8 years or so -- they no longer
generate so many parallel connections that you notice them because of
load or socket starvation.
I put in firewall rules to block addresses which generate too many ssh
connections in a period of time, mostly to prevent the log spam.
De
Show replies by date