On Wed, 10 Feb 2016, Michael Fox (N6MEF) wrote:
The IP address 44.140.63.5 just tried multiple ssh attempts using invalid logins against six of our 44-net machines. The attempts were caught and blocked. But beware.
I'd take a guess that:
5.63.140.44.IN-ADDR.ARPA domain name pointer idp.sa0bxi.se.
idp = intrusion detection prevention? Also, looking up sa0bxi on QRZ yields an email.
So it's probably scanning IPs to ensure security, and testing known poor quality passwords, but I'm just guessing.
Also, fail2ban would be highly recommended, set to block after 3 failed attempts, if you are leaving a system open to ssh access.
Tim Osburn http://www.m2os.com W7RSZ / JG1MBR
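
The block-after-3-failed-attempts threshold suggested in the message above, as an added example that is not part of the original thread and is not fail2ban's own code: it counts failed sshd logins per source address inside a sliding window and reports when each address crosses the threshold. The 10-minute window, the OpenSSH-style log format and the sample lines (which reuse the address from the thread plus documentation-range addresses) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 3                      # threshold suggested in the thread
FINDTIME = timedelta(minutes=10)  # assumed window; the thread does not give one
YEAR = 2016                       # syslog timestamps carry no year; taken from the thread date

# Match only "Failed password" so an attempt that also logs "Invalid user"
# is not counted twice.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[0-9a-fA-F.:]+)"
)

# Constructed sample log lines, not taken from any real system.
SAMPLE_LOG = """\
Feb 10 08:00:00 gw sshd[2090]: Failed password for root from 198.51.100.7 port 50001 ssh2
Feb 10 08:15:01 gw sshd[2101]: Invalid user admin from 44.140.63.5 port 40122
Feb 10 08:15:03 gw sshd[2101]: Failed password for invalid user admin from 44.140.63.5 port 40122 ssh2
Feb 10 08:15:06 gw sshd[2103]: Failed password for invalid user test from 44.140.63.5 port 40130 ssh2
Feb 10 08:15:09 gw sshd[2105]: Failed password for invalid user pi from 44.140.63.5 port 40141 ssh2
Feb 10 08:16:00 gw sshd[2110]: Failed password for n6mef from 192.0.2.10 port 51000 ssh2
Feb 10 08:16:20 gw sshd[2111]: Failed password for n6mef from 192.0.2.10 port 51002 ssh2
Feb 10 08:16:40 gw sshd[2112]: Accepted password for n6mef from 192.0.2.10 port 51004 ssh2
Feb 10 08:20:00 gw sshd[2120]: Failed password for root from 198.51.100.7 port 50009 ssh2
Feb 10 08:40:00 gw sshd[2130]: Failed password for root from 198.51.100.7 port 50017 ssh2
"""

def offenders(log_text, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {ip: time the ip first reached maxretry failures within findtime}."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(when)
        while when - window[0] > findtime:   # drop failures older than the window
            window.popleft()
        if len(window) >= maxretry and m["ip"] not in banned:
            banned[m["ip"]] = when
    return banned

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"{ip} reached {MAXRETRY} failures at {when}")
```

The slow source at 198.51.100.7 also fails three times but never inside one window, which is the trade-off of a short find window.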