I just found out that one of my NIPS' reports seems pretty clear regarding the daily top alerts:
For those who forgot to secure a lil bit their (open)SSH server, time's running...
What about that IP address 65.98.36.50? Well, it is the reverse DNS pointer of http://argi9cure.com/.
Just have a look at it: CentOS default webpage! :( And above all, Apache 2.2.3, most likely obsolete.
Quite interesting, what (McAfee) TrustedSource says about it:
So, not only massive SSH sessions attempts are being launched from that server, but its mail volume (as a sender) has drastically changed, and got 500% bigger!
Another compromised server being used to stealthily spam, uh?
Furthermore, this IP address has also been reported in the DShield's stats:
http://www.dshield.org/ipinfo.html?ip=65.98.36.50&update=yes
This once again shows the relevance of IP's reputation based filtering.
