SSH attack from 46.105.255.96

n0xlf

n0xlf

Getting the hang of it
Jan 19, 2017
59
38
My step-son (who lives in another state) and I began receiving SSH attacks from this IP. The only thing we have in common between networks is that we both recently added Dahua IP cameras. Both of us are running SSH on different non-standard ports.

It's possible that this is just a prolific port scanner that is doing a good job of covering a lot of subnets quickly, but wanted to see if anyone else happens to be seeing this. It's coming from a hotel in Belgium (Accueil -)

Nmap scan report for ip96.ip-46-105-255.eu (46.105.255.96)
Host is up (0.13s latency).
Not shown: 65531 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
10050/tcp open zabbix-agent

org-name: BRUXELLES HOTEL LE PLAZA
 
Nothing from that range bouncing off my Merakis, so I'd say it's just someone running nmap port scans via a compromised box, usual Internet background noise.
 
Yeah, I think it's just a random coincidence that both of us were seeing it. It still persists, interestingly enough...
 
n0xlf said:
Yeah, I think it's just a random coincidence that both of us were seeing it. It still persists, interestingly enough...
Click to expand...

Could always call or email the hotel to let them know.

Failing that, the tech or abuse email in the ip whois records.

If you are in the mood to bite back, metasploit is always useful.
 
n0xlf said:
Yeah, I think it's just a random coincidence that both of us were seeing it. It still persists, interestingly enough...
Click to expand...

Could always call or email the hotel to let them know.

Failing that, the tech or abuse email in the ip whois records.

If you are in the mood to bite back, metasploit is always useful.
 
Did both when I posted this and no response from either - I port scanned it, but metasploit could be fun :)
 
You must log in or register to reply here.
Top Bottom