<html><head></head><body>"What's the point?" C'mon, Ted. You know better than that. The point is people with weak passwords. Remember the Dyn DDoS? That was brought on entirely by devices with default passwords. As is a RasPi attack I read about on Slashdot just this AM. Say 90% of servers/devices follow good security practices -- that still leaves 10% that are susceptible. I imagine even a 1% return would still get you a pretty sweet botnet. So, in my estimation at least, that is the point.<br>
<br>
$.02,<br>
<br>
-Ken<br><br><div class="gmail_quote">On June 11, 2017 10:17:35 AM EDT, Ted Roche <tedroche@gmail.com> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">For 36 hours now, one of my clients' servers has been logging ssh<br />login attempts from around the world, low volume, persistent, but more<br />frequent than usual. sshd is listening on a non-standard port, just to<br />minimize the garbage in the logs.<br /><br />A couple of attempts is normal; we've seen that for years. But this is<br />several each hour, and each hour an IP from a different country:<br />Belgium, Korea, Switzerland, Bangladesh, France, China, Germany,<br />Dallas, Greece. Usernames vary: root, mythtv, rheal, etc.<br /><br />There's several levels of defense in use: firewalls, intrusion<br />detection, log monitoring, etc, so each script gets a few guesses and<br />the IP is then rejected.<br /><br />In theory, the defenses should be sufficient, but I have a concern<br />that I'm missing their strategy here. It's not a DDOS, they are very<br />low volume. It will take them several millennia to guess enough<br />dictionary attack guesses to get through, so what's the point?<br /></pre></blockquote></div><br>
-- <br>
Sent from my Android device with K-9 Mail. Please excuse my brevity.</body></html>