SSH server abuse

Something started about 2 hours ago here; ssh scans for user “root” hitting all public IP’s for gigo.com.

Looking at it with a packet sniffer, all IP’s get hit in parallel; sometimes without port randomization from the other side.  Looking at the hosts, looks like they all have old sshd’s running.  Can’t even blame windows this time.

Expect connections to gigo.com to be spotty - sshd is getting overran.  gigo.com users:  I’d like your feedback on whether or not moving the SSH port would be a big impact to you. If it would be.. what if port 22 was open to specific subnets (ie where you work); or having a web CGI that re-enables port 22 for your current IP?

[permalink] · Announcements ·