On Thu, Apr 9, 2015 at 11:31 AM, Sameer Khosla <skho...@neutraldata.com> wrote: > Was just reading http://blogs.cisco.com/security/talos/sshpsychos then > checking my routing tables. > > Looks like the two /23's they mention are now being advertised as /24's, and > I'm also not sure why cisco published the ssh attack dictionary. > > It seems to me that this is something that if they want to do, they should be > working with entire service provider community, not just one provider.
are you sure they aren't engaged with a wider SP community? (the dictionary seems relevant for: "Oh crap, my root account DOES have password123 as the password :(")