Having worked as a security-focused network engineer at a wireless ISP, I can tell you that it's very likely an automated attack against the whole address block in which you reside.
 
One way to harden yourself is to deploy two-factor authentication: password and SSL certificate.
 
73, Daniel K7DGL


On Sun, Dec 29, 2013 at 12:21 PM, Jason Maher <jason@jmaher.org> wrote:
Hi folks,

I have recently connected to the PSDR from my QTH in Suquamish via the Capital Park node. My Metal 5SHPN is fed from a Puynting 31dBi Grid antenna. I have a 16.2 Mbps connection at 21.4 Kilometers!

My concern is that it appears that someone is attempting to log into my router as root via SSH. There are multiple log entries every day citing "login failures". A whois on any of the IPs show up as originating from China.

A few examples:

58.215.56.110
120.105.81.190
49.203.248.133
202.119.236.121
95.211.8.134

I have applied the suggested scripts to blacklist an IP after several failed attempts. I also have a hardware firewall between the router and my LAN.

Are these just normal internet hacking attempts from bots, or is there something else going on?

Thanks!

--Jason
K7JMM

_______________________________________________
PSDR mailing list
PSDR@hamwan.org
http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org