On Thu, Apr 9, 2015 at 11:31 AM, Sameer Khosla <skho...@neutraldata.com> wrote:
> Was just reading http://blogs.cisco.com/security/talos/sshpsychos then
> checking my routing tables.
>
> Looks like the two /23's they mention are now being advertised as /24's, and
> I'm also not sure why cisco published the ssh attack dictionary.
>
> It seems to me that this is something that if they want to do, they should be
> working with entire service provider community, not just one provider.
are you sure they aren't engaged with a wider SP community?
(the dictionary seems relevant for: "Oh crap, my root account DOES
have password123 as the password :(")
