• 0 Posts
  • 22 Comments
Joined 1 year ago
cake
Cake day: June 10th, 2023

help-circle












  • I do see a decent amount of activity on it. Full disclaimer, I am not a security expert. I know just enough to be dangerous. But, I see at least a few connection attempts from different IPs about every day. The top 3 countries of origin are China, Russia, and Brazil (based on the reverse DNS, but it’s possible some are using VPNs to hide their origin). My impression is they’re all bots that just go through a list of IP addresses, attempting to connect to the standard ssh port, then guessing the username and password. What I’ve found is they usually go through a list of likely ssh ports until one of them connects. Having the default port open to only the honeypot means they usually establish the connection, then leave it at that, so my real ssh port never gets hit. I kinda think of it like scambaiting, where I’m just wasting time they might otherwise spend trying to break into someone else’s real ssh server.