Spike in SSH scans

[James Lay <jlay () slave-tothe-box net>]

Anyone else seeing these?  Started about 3 hours ago..here¹s a snipit:

21:19:09 192.168.0.3 snort[577]: [1:2006435:3] BLEEDING-EDGE SCAN LibSSH
Based SSH Connection - Often used as a BruteForce Tool [Classification: Misc
activity] [Priority: 3]: {TCP} 203.173.40.167:21823 -> 192.168.0.2:22

And a current list of hits in the last 3 hours:

124.39.168.43
129.13.250.46
145.253.128.85
148.245.157.217
149.99.20.238
161.106.180.173
193.158.0.195
194.25.114.106
195.113.185.38
195.138.155.54
195.228.238.186
195.56.72.157
195.73.54.73
200.126.111.38
200.62.177.91
200.79.37.194
201.16.17.246
201.216.245.25
201.245.109.170
211.139.69.28
212.101.30.8
212.202.248.130
212.248.23.6
213.136.105.130
213.156.69.126
213.186.47.65
213.255.77.62
213.35.211.206
213.66.184.110
213.84.74.76
216.193.233.168
217.110.171.150
217.113.71.130
217.151.68.244
217.156.103.234
217.160.19.157
217.71.214.191
218.207.69.8
218.249.108.166
60.12.130.117
62.105.180.178
62.112.158.141
62.218.215.134
62.65.142.213
62.76.246.253
64.81.228.200
66.236.209.227
67.118.242.129
67.132.173.150
70.107.224.252
70.151.62.113
72.248.139.227
77.104.241.141
80.200.249.230
80.201.241.44
80.33.222.48
80.51.139.82
80.55.142.66
81.180.88.6
81.68.198.23
81.75.124.51
82.103.102.12
82.141.44.153
82.239.231.89
83.15.246.226
83.151.18.189
83.19.34.46
83.227.183.88
83.236.170.54
83.246.96.38
83.246.96.54
83.65.141.94
85.114.130.199
85.120.129.130
85.17.10.106
85.214.54.182
85.48.224.186
87.127.193.225
88.32.56.1
89.110.147.183
89.171.12.78
91.192.189.19

James

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/