Piero Bosio Social Web Site Personale

yes, this happened:Apr 8 23:46:59 skapet sshd-session[69515]: Failed none for invalid user Can't locate List/Util.pm in @INC (you may need to install the List from 175.199.67.164 port 51226 ssh2(and several times more, of course) #ssh #bot #botnet #passwordgroping #passwordguessing #sshgropers #cybercrime #security Background: "Badness, Enumerated by Robots" https://nxdomain.no/~peter/badness_enumerated_by_robots.html and links therein

A kiddie and their script, part N of N!Mar 9 17:54:52 skapet sshd-session[97161]: Failed password for invalid user %company% from 20.83.3.189 port 17677 ssh2#scriptkiddies #sshgropers #passwordguessing #cybercrime #ssh #security And if you need some reading material, https://nxdomain.no/~peter/hailmary_lessons_learned.html (or g-tracked https://bsdly.blogspot.com/2013/10/the-hail-mary-cloud-and-lessons-learned.html)

@pitrh Things do correlate but it's rather complex. SSH attempts are an indicator but not a good one to link directly to a conflict. Blocking known attempts makes it hard to measure development and origin of the attacks in the future. Real world conflicts have many many effects in the cyberspace nowadays. It's hard to get the relevant data, it's hard to measure the impact, it's hard to correlate the different data and take action. Welcome to the world of hybrid threats.