Jump to content

Anyone seen people trying to scan ssh?


awskier08

Recommended Posts

  • 2 weeks later...

I really wonder if it is a proxy IP address. In the last week I have seen brute force SSH attacks on port 22 from 10 different IP addresses in the 18.2.22.XXX block of addresses and 17 different addresses in the 222.186.62.XXX block of addresses. These are both Chinese blocks and it appears that it is someone that can easily change their IP address at will. Seems like an organized attack more than random script kiddies. In the past couple of weeks attacks on my server have increased by a factor of three and the increase seem to be from Chinese activity. I wonder why the sudden upsurge. Perhaps I am just lucky ;-).

Link to comment
Share on other sites

I used to get port scan alerts all the time. Usually 3 at a time on random ports from China. I use Sophos UTM9 now, it's free for home use.

The only problem is that I am big into torrents and most seeds are from over there.

firewall_zpsb01dd7c5.png

Edited by yabasoya
Link to comment
Share on other sites

I used to get failed ssh attempts on my server all the time. I'm currently blocking Korea, China, India, Russia, Turkey, Vietnam, Ukraine, Brazil, Venezuela, and Pakistan inbound on my firewall. Failed attempts have pretty much stopped. I get a random couple every month or so, but nothing like I used to get.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...