Yes, it's related to a SSH brute force attack. I have just never seen the the "client" IP in the routing table before. My IP does not exist in the routing table when I SSH to the host.
I have a hard time to understand the mechanism that added the IP to the table. Is this something that can be explained? Best regards Johan Den 14 maj 2014 04:09 skrev "Johan Beisser" <j...@caustic.org>: > > > >> On May 13, 2014, at 18:47, Stuart McMurray <kd5...@gmail.com> wrote: > >> > >> > >> And, 163data.com.cn is a large source of shady activity. > > > I blocked the bulk of China and Asia outright at the router. > > Quick solution, if not clean.
