On 27 Nov 2013, at 02:01, Sampsa Laine <sampsa at mac.com> wrote: On 26 Nov 2013, at 23:08, Hans Vlems <hvlems at zonnet.nl> wrote: No, I get telnet attempts from it, es and nl domains lately. I put a text in sys$announce that tells the, error, user that the system is privately owned, alle access attempts are logged and monitored and that unauthorized access is not allowed. The attempts are now down to a couple every 24 hours and no longer every 5 minutes. Just got an SSH bruteforce attempt from Korea, decided to have a look at the chap's machine: nmap -p1-65535 -T5 -sV -oAhax0r -P0 14.63.222.153 The "attack" stopped pretty quickly after that lol. Mainland China based IP attacked me this morning, stopped after 27 seconds of my nmap scan. The scanners don't like to be scanned it seems :) Might write an automatic ArcSight rule to trigger these.. sampsa