10 Feb
2016
10 Feb
'16
8:51 p.m.
On 2/10/16 9:02 PM, Tim Osburn wrote:
Also looking up sa0bxi on QRZ yields a Email.
Have you tried reaching out to SA0BXI directly? You'd be surprised how a
friendly email is all it takes most of the time. I bet his box is pwnd
Side note: this is exactly what rwhois/SWIP would be great for. The Technical
Advisory Committee has voted in favor of steps to enable 44/8 for this about
two years ago.
So it's probably scanning IP's to ensure
security, and testing known
poor quality passwords, but I'm just guessing.
Maybe they want to see who's running crypto on 44net address space?
Also failtoban would be highly recommended set to
block after 3 failed
attempts if you are leaving a system open to ssh access.
http://www.fail2ban.org/
+1
If you're on the internet port scans and hack attempts happen every day. I
really don't consider a port scan a malicious attack, it's akin to some one
ringing your door bell and running away.
--
Bryan Fields
727-409-1194 - Voice
727-214-2508 - Fax
http://bryanfields.net