Re: Re: RE: Internet SSH scans

These SSH scans are generated ( in most of cases ) by Linux Zombie machines, infected with a kind of worm used to get vulnerable hosts to install a PBSync IRC.

I just changed my default SSH port and all attacks had stoped.

Another way is run somethink like DenyHosts, a python-based daemon that scans logs and put the "attacker ip" into /etc/hosts.deny:

SSHD:10.0.0.1  ( for example ).

CheerS