Do your systems allow port 22 from the WAN along with very obtuse passwords, no anonymous, no telnet?
22 is of course SSH and on some SOHO NASes, it's the default port for special applications.
Or does everyone avoid the well known ports from outside access? And use auto-ban?
The number of login attempts per hour is amazing. I speculate that if the IP is in DDNS or a static DNS record, people harvest these DNS updates from fake DNS servers and use these IPs as newly-ripe targets. I say this because I used to have a static public IP and I didn't register it with a DNS, and got far fewer attempts.
22 is of course SSH and on some SOHO NASes, it's the default port for special applications.
Or does everyone avoid the well known ports from outside access? And use auto-ban?
The number of login attempts per hour is amazing. I speculate that if the IP is in DDNS or a static DNS record, people harvest these DNS updates from fake DNS servers and use these IPs as newly-ripe targets. I say this because I used to have a static public IP and I didn't register it with a DNS, and got far fewer attempts.
Last edited: