On Wed, 10 Feb 2016, Michael Fox (N6MEF) wrote:
The IP address 44.140.63.5 just tried multiple ssh attempts using invalid
logins against six of our 44-net machines. The attempts were caught and
blocked. But beware.
I'd take a guess that:
5.63.140.44.IN-ADDR.ARPA domain name pointer idp.sa0bxi.se.
idp = intrusion detection prevention?
Also, looking up sa0bxi on QRZ yields an email.
So it's probably scanning IPs to ensure security, and testing known
poor quality passwords, but I'm just guessing.
Also, fail2ban would be highly recommended, set to block after 3 failed
attempts, if you are leaving a system open to ssh access.
http://www.fail2ban.org/
Tim Osburn
http://www.m2os.com
W7RSZ / JG1MBR
https://instagram.com/tim.osburn/
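
The following is an added example, not part of the original messages: a small log check in the spirit of the "block after 3 failed attempts" advice, which goes one step further than a per-host counter by counting failed ssh logins per source across several machines, as in the six-host report quoted above. The log lines, host names, addresses and the 10-minute window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

MAX_RETRY = 3                      # threshold suggested in the message
FIND_TIME = timedelta(minutes=10)  # assumed counting window

# Constructed sshd syslog lines merged from several hosts (documentation addresses).
SAMPLE_LOG = """\
Feb 10 09:14:01 host1 sshd[2201]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Feb 10 09:14:20 host2 sshd[1877]: Failed password for invalid user test from 192.0.2.10 port 40150 ssh2
Feb 10 09:14:41 host3 sshd[3010]: Failed password for invalid user guest from 192.0.2.10 port 40188 ssh2
Feb 10 09:20:00 host1 sshd[2230]: Failed password for root from 198.51.100.7 port 5151 ssh2
Feb 10 09:20:05 host1 sshd[2230]: Failed password for root from 198.51.100.7 port 5151 ssh2
Feb 10 09:00:00 host2 sshd[1700]: Failed password for invalid user pi from 203.0.113.5 port 6001 ssh2
Feb 10 11:00:00 host2 sshd[1901]: Failed password for invalid user pi from 203.0.113.5 port 6002 ssh2
Feb 10 13:00:00 host2 sshd[2102]: Failed password for invalid user pi from 203.0.113.5 port 6003 ssh2
Feb 10 09:30:00 host1 sshd[2300]: Accepted publickey for op from 198.51.100.7 port 5200 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port"
)

def offenders(log_text, max_retry=MAX_RETRY, find_time=FIND_TIME, year=2016):
    """Return {source_ip: [hosts hit]} for sources with at least max_retry
    failed logins inside find_time, counted across all hosts in the log."""
    events = defaultdict(list)  # ip -> [(timestamp, host), ...]
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            ts, host, ip = m.groups()
            # syslog timestamps carry no year, so one is assumed
            when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
            events[ip].append((when, host))
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        # slide over every run of max_retry consecutive failures
        for i in range(len(hits) - max_retry + 1):
            if hits[i + max_retry - 1][0] - hits[i][0] <= find_time:
                flagged[ip] = sorted({h for _, h in hits})
                break
    return flagged

if __name__ == "__main__":
    for ip, hosts in offenders(SAMPLE_LOG).items():
        print(f"{ip}: {MAX_RETRY}+ failed logins across {', '.join(hosts)}")
```

In the sample, the first source fails only once on each machine, so a counter kept separately on each host would not reach 3, while the combined view does.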