SSH brute force and hacking attempts

AndreiV

Very Senior Member
Seeing a very big increase in SSH login attempts caught in Turris Honeypot.

This IP has made 5000+ attempts today: 104.248.89.194

This session by 104.244.76.203 is more interesting as you'll see a string of 45 commands issued.

>> Honeypot session. <<
 

sfx2000

Part of the Furniture
This session by 104.244.76.203 is more interesting as you'll see a string of 45 commands issued.

Honeypot aside - exposed SSH ports should use certs vs user/pass, along with disabling root login, which applies to both OpenSSH and dropbear...
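
One way to check a box against the advice in the reply above (password logins off, root login disabled) for both daemons; this is an added example, not code from the thread. The function names and sample inputs are constructed; the OpenSSH keywords and the dropbear `-s`/`-w` flags are the daemons' own.

```python
# Added example: function names and sample inputs are constructed for illustration.
# OpenSSH values that apply when a keyword is absent from sshd_config.
OPENSSH_DEFAULTS = {"passwordauthentication": "yes",
                    "permitrootlogin": "prohibit-password"}

def audit_sshd_config(text):
    """Findings for the global (pre-Match) section of an sshd_config."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = parts[0].lower()
        if key == "match":      # conditional blocks are out of scope here
            break
        if len(parts) > 1:
            seen.setdefault(key, parts[1].strip('"').lower())  # sshd keeps the first value
    eff = {k: seen.get(k, d) for k, d in OPENSSH_DEFAULTS.items()}
    findings = []
    if eff["passwordauthentication"] != "no":
        findings.append("sshd: password logins allowed; set PasswordAuthentication no")
    if eff["permitrootlogin"] != "no":
        findings.append("sshd: PermitRootLogin is %s; set it to no" % eff["permitrootlogin"])
    return findings

def audit_dropbear_args(argv):
    """Findings for a dropbear command line (-s: no password logins, -w: no root logins)."""
    findings = []
    if "-s" not in argv:
        findings.append("dropbear: password logins allowed; start with -s")
    if "-w" not in argv:
        findings.append("dropbear: root logins allowed; start with -w")
    return findings

# Constructed samples: a weak config (duplicate keyword, no PasswordAuthentication line)
# beside a corrected one.
WEAK_SSHD = """\
# constructed sample
PermitRootLogin yes
PermitRootLogin no
"""
HARDENED_SSHD = """\
PasswordAuthentication no
PermitRootLogin no
"""

if __name__ == "__main__":
    for f in audit_sshd_config(WEAK_SSHD) + audit_dropbear_args(["dropbear", "-p", "22"]):
        print(f)
```

The check covers only the two settings the reply names; other sshd options such as keyboard-interactive authentication are not examined.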
 
