Back to Home
I have got an SSH Honeypot which collects all port scans on port 22/SSH and SSH logins attempts from various IPs all over the world.
Log gets written to do some analytics (Geo lookup and amount of tried login attempts). I will create an automated solution to prevent all access to my resources explicit restricted/denyied by those IPs.
Log info / Log contains
IPs that had contact with my 22/SSH port (Tried amount and Geo IP)
IPs that tried a login (Username and Password)
IPs that portscanned me