A number of our readers have submitted that they have both experienced, or noticed the uplift in source IP's scanning for SSHD daemons.

You can see the uplift in the snapshot taken from our DShield database.

In addition to this, our reader Andrew also submitted some analysis of the hit count of some common account names:

 1209 root
  120 postgres
  114 test
  100 oracle
   88 nagios
   88 student
   83 tomcat
   77 ts
   76 user
   72 svnuser
   72 ts2
   71 demo
   67 psybnc
   66 admin
   64 backup

And this brings about an opportunity to remind our readers that they can submit their firewall logs to us to allow this ISC Handler, DShield and reader cooperation to expand. For details on how this is achieved please see our submission page.

Steve Hall
ISC Handler