Quote:
Originally Posted by Mantazz
Crawling through the web, using some sort of bot system to check every host they can find for open ssh ports to try. I would expect if this was the case that the attempts would come by "ssh myobscurehostname.youwontguessthis.org".
|
This is rarely, if ever, done.
Quote:
Or, crawling the internet, looking for open ssh ports on any system they can get a response from. I would expect if this was the case that the attempts would come by "ssh 123.45.67.89".
|
This is usually what they do. To see how easy it is, try the following on your network (use the correct subnet, of course):
$ nmap -p 22 192.168.0.0/24
That will search every IP from 192.168.0.0 through 192.168.0.255 for hosts with port 22 open. Takes maybe 3 seconds, most of which is just displaying the info. The actual scan takes milliseconds.
Now expand that out to use big blocks of IPs, and wrap it in a script that connects to open SSH ports, and you see what the script kiddies are doing.
It has nothing to do with hostnames and everything to do with IPs.
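Added example, not part of the original post: the defender's view of the IP sweeps described above, as a tally of failed sshd password attempts per source IP. The log lines are constructed samples in OpenSSH's syslog format using documentation address ranges, and the function names `sample_log` and `ssh_failures_by_ip` are hypothetical.

```shell
#!/bin/sh
# Constructed sample auth-log lines (documentation IP ranges, not real data).
sample_log() {
cat <<'EOF'
Jan 10 03:14:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 10 03:14:03 host sshd[1203]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jan 10 03:14:05 host sshd[1205]: Failed password for root from 203.0.113.5 port 51246 ssh2
Jan 10 03:14:07 host sshd[1207]: Failed password for invalid user test from 203.0.113.5 port 51252 ssh2
Jan 10 08:30:12 host sshd[1410]: Failed password for alice from 198.51.100.23 port 40022 ssh2
Jan 10 08:30:20 host sshd[1410]: Accepted password for alice from 198.51.100.23 port 40022 ssh2
Jan 10 11:02:44 host sshd[1522]: Failed password for root from 192.0.2.77 port 60100 ssh2
Jan 10 11:02:46 host sshd[1524]: Failed password for root from 192.0.2.77 port 60104 ssh2
Jan 10 11:02:48 host sshd[1526]: Failed password for invalid user pi from 192.0.2.77 port 60108 ssh2
EOF
}

# Read sshd log lines on stdin and print "failures distinct_users source_ip"
# for every source with at least $1 failed password attempts (default 3),
# busiest source first.
ssh_failures_by_ip() {
    threshold=${1:-3}
    awk -v min="$threshold" '
    /sshd\[[0-9]+\]: Failed password for / {
        # The last "from" on the line separates the user name from the source IP.
        for (i = 1; i < NF; i++)
            if ($i == "from") { ip = $(i + 1); user = $(i - 1) }
        count[ip]++
        # Count each user name only once per source.
        if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
    }
    END {
        for (ip in count)
            if (count[ip] >= min) print count[ip], users[ip], ip
    }' | sort -rn
}

# Stand-alone run over the constructed sample.
sample_log | ssh_failures_by_ip 3
```

Sources that try several account names in quick succession stand out from a single mistyped password, which is the case the threshold filters out.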