SSH Scanning
SSH Scanning can be very detrimental to a network, and the machines on the network. When an ssh server is compromised, usually due to a vulnerability on the server being exploited, it can begin to scan other machines over TCP port 22, attempting to log on. An example of this action is found below. This is an off-campus machine scanning a large number of hosts on the Texas A&M University network. Only 1,000 attempts are shown in the example, but over 226,000 were tried.
If a machine on the Texas A&M University campus was found to be scanning other TAMU machines, or off-campus machines, in this manner, it will be immediately blocked. To prevent this from occurring, please make sure to keep your SSH server updated with the latest patches, and that strong passwords are used.
Please contact the Network Security Team with any questions.