Here is an interesting article written by Christian Seifert, from The New Zealand Honeynet Alliance, that takes an inside look at SSH brute force attacks. This should be a nice lecture for everyone that doesnâ€™t have the time and resources to setup a honeypot and investigate real attacks (most of us are just concerned on how to block them and thatâ€™s all). After reading such reports we can all understand better the attacks that we are facing in the wild wild internet.
“Malicious SSH login attempts have been appearing in some administrators’ logs for several years. This article revisits the use of honeypots to analyze malicious SSH login attempts and see what can be learned about this activity. The article then offers recommendations on how to secure one’s system against these attacks.”