> I have a system with an SSH server accessible from the Internet.
>For the last few years, I have been monitoring a steady flow of brute
>force breakin attempts, at an average rate of at least one attempt per
>minute, significantly more during peak hours.
>
> Remarkably, starting a few weeks ago, this rate has fallen
>dramatically, to less than one per hour, even during those times of the
>day when I would usually register several attempts per minute.
>
> Have you guys noticed something similar in your logs? I am
>curious because this decrease more or less has coincided with a change of
>ISP on my side, which implies that the Internet-visible static IP address
>that my SSH daemon is listening at has changed. The actual domain name is
>the same though.
The frequency of those brute-force attacks varies dramatically by
target network. I have servers in various hosting networks and some of
those get tenfold the amount of ssh probes than others. So, it is just
different characteristics of background noise in different parts of
the Internet.
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834