The better question is, why are you not filtering SSH to a known set of source IPs, or have it protected behind a VPN? SSH can listen on other ports besides 22. Ryan Hamel ________________________________ From: Rich Kulawiec via NANOG <nanog@lists.nanog.org> Sent: Wednesday, September 3, 2025 6:16 PM To: nanog@lists.nanog.org <nanog@lists.nanog.org> Cc: Rich Kulawiec <rsk@gsp.org> Subject: Paging Unified Layer/AS46606 in re: NET-162-240-0-0-1 (162.240.0.0/15) Caution: This is an external email and may be malicious. Please take care when clicking links or opening attachments. Who puts a quota on an abuse mailbox...and then allows that quote to be reached?
Date: Tue, 2 Sep 2025 12:38:24 +0000
Delivery has failed to these recipients or groups:
abuse@bluehost.com<mailto:abuse@bluehost.com> The recipient's mailbox is full and can't accept messages now. Please try r= esending your message later, or contact the recipient directly.
I've got nothin': my usual string of exasperated profanities has failed me. Anyway, y'all have attackers using various VPS instances on your network to conduct coordinated brute-force ssh attacks, and you should make that stop yesterday. Details? Logs? Yes, yes, I know, I did try to send them to you -- but see the above for the explanation covering why you didn't receive them. Also: for the love of dog, fix this nonsense. ---rsk _______________________________________________ NANOG mailing list https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.nanog.org%2Farchives%2Flist%2Fnanog%40lists.nanog.org%2Fmessage%2F6CFCYFIP5FHUL4PBZQNOUV2SW6DNK44U%2F&data=05%7C02%7Cryan%40rkhtech.org%7Cf05604ad93864ad3683208ddeb50bcac%7C81c24bb4f9ec4739ba4d25c42594d996%7C0%7C0%7C638925454204425431%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=cqSu%2FCyWt1ABaddhNYQNDkCDwl5P55mPUPcuRgevZVc%3D&reserved=0<https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/6CFCYFIP5FHUL4PBZQNOUV2SW6DNK44U/>