On 2/10/16 9:02 PM, Tim Osburn wrote:
Also looking up sa0bxi on QRZ yields a Email.
Have you tried reaching out to SA0BXI directly? You'd be surprised how a friendly email is all it takes most of the time. I bet his box is pwnd
Side note: this is exactly what rwhois/SWIP would be great for. The Technical Advisory Committee has voted in favor of steps to enable 44/8 for this about two years ago.
So it's probably scanning IP's to ensure security, and testing known poor quality passwords, but I'm just guessing.
Maybe they want to see who's running crypto on 44net address space?
Also failtoban would be highly recommended set to block after 3 failed attempts if you are leaving a system open to ssh access.
+1
If you're on the internet port scans and hack attempts happen every day. I really don't consider a port scan a malicious attack, it's akin to some one ringing your door bell and running away.