Interesting type of attack: People sending out TCP packets with a spoofed source address, targeting port 22 on random (or not) IP addresses on the net.
Not to probe whether there's SSH on that server, but to generate abuse reports against the spoofed IP, in order to force it off the net.
https://delroth.net/posts/spoofed-mass-scan-abuse/
Keep this in mind when you receive abuse reports. Especially if you're an ISP.
[#]infosec #networking #sysadmin
=> More informations about this toot | View the thread | More toots from scy@chaos.social
=> View infosec tag | View networking tag | View sysadmin tag This content has been proxied by September (3851b).Proxy Information
text/gemini