On 07/12/2020 03:43, George N. White III wrote:
On Thu, 3 Dec 2020 at 06:00, Ed Greshko <ed.greshko@xxxxxxxxxxx <mailto:ed.greshko@xxxxxxxxxxx>> wrote: [...] I can't think of anyone that would go through the trouble of unpacking pcap output to find IP addresses they could attack. They either farm IP addresses from emails, dns queries, or just plain find blocks of IP addresses to attack. To this observation, add the fact that I have a few systems which are "open" for the express purpose of cataloging where ssh attacks are sourced. The systems I have are both IPv4 and IPv6. All attacks have been against IPv4. In over a year of these systems supporting IPv6 there have been Zero attacks on those addresses. As more systems use IPv6, bad actors will have to collect active IPv6 addresses. You may be one of the first to see that start.
Oh, I think it is also worth noting that in over one year of collecting data on brute force ssh attempts the "attackers" never once used, except for root, a username which actually exists on the system. --- The key to getting good answers is to ask good questions. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx