I regularly get attacks against my sshd. I can hear them (the disk makes a fairly distinctive noise). They occur infrequently enough that I still investigate some of them (unlike SPAM).
I just got an sshd attack from 212.109.44.99 (reverses to voice-telecom.sovam.net.ua but this name does not resolve). Further investigation shows that this is an [EMAIL PROTECTED] box in the Ukraine. It even seems to be still running asterisk -- the web interface seems to work. Perhaps this indicates that there is an out-of-box vulnerability in [EMAIL PROTECTED] Perhaps not.

nmap shows:

    Port       State     Service
    21/tcp     open      ftp
    22/tcp     open      ssh
    25/tcp     filtered  smtp
    80/tcp     open      http
    111/tcp    open      sunrpc
    137/tcp    filtered  netbios-ns
    138/tcp    filtered  netbios-dgm
    139/tcp    filtered  netbios-ssn
    445/tcp    filtered  microsoft-ds
    899/tcp    open      unknown
    2000/tcp   open      callbook
    3306/tcp   open      mysql

Is it normal to leave all these ports open to the internet on an asterisk box? In particular, is mysql secure this way? How about sunrpc?
