Quote:
My server is not a well known IP. The IP is an ISP dynamically allocated IP address
|
I've honestly never heard of SSH scanbots targeting non-dynamic IPs, so I don't see how this would make any difference.
Quote:
In addition, the server is up only 12 hours a day during the US day time hours. So these guys must really be looking hard everywhere all the time.
|
Yes, the login attempts you are experiencing are almost certainly the direct result of intel provided by automated and randomized recon. And yes, IPs are getting scanned worldwide 24/7 - there's nowhere to hide. BTW, these "guys" could very well be sound asleep in mom's basement while their bots have you under attack.
Quote:
- China 5
- Korea 2
- Japan 2
- Poland 1
- Mexico 1
- India 1
- Brazil 1
- Inforte Corp 1
- Eclipse Marketing 1
|
Keep in mind that the boxes being used to attack you are very likely to be part of "presumably legitimate networks", and they've simply been owned. In such cases you wouldn't really have any idea where the master node is with this information you have. My point being that this country-breakdown thing can be something cute to show your boss but it doesn't really mean much otherwise, unless you are someone who likes to collect statistics for this kind of stuff.