Yesterday afternoon I noticed A LOT of traffic going across my DSL router when I wasn't logged in and it wasn't a time when a cron job would be doing anything, a quick bit of investigation revealed that home.rubberturnip.org.uk was the subject of a sustained attack on the SSH daemon. Looked like a brute force job, and it wasn't being successful unless the intention was to piss me off.

It triggered me to finally install logcheck on that box (thanks Justin for the package) and I noticed that there were other machines attempting similar attacks (is there a worm abroad at the moment that I'm not aware of?) although not quite as sustained as that first one, which was doing it for about two hours!

So, firstly, I've started blocking the originating IPs (and I reported the first one to the ISP in question), and secondly I'm going to post offending IPs here. The IPs I am currently blocking then are as follows:

62.80.128.11 203.130.33.203 213.56.25.38 212.227.21.132 202.110.193.231

Other news: CTW203 finished.