Anyone else been getting such attacks? Just seems a little odd that all of a sudden after a long period of silence, someone (peoples) tries now.
yep we are seeing more and more of these all the time.
if dns doesn't help you locate them, you can whois their ip and get some information from it.
I believe most of them come from overseas (if not all), so it might be worth while using tcpwrappers to limit connections from whole netblocks.
host.deny blocks all ssh access and hosts.allow allows it for certain subnets. Most modern sshds have tcpwrappers support in them.
dave -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
