
Attacking cybercrime through infrastructure, not individuals - SimplyUseless
http://www.bbc.co.uk/news/technology-32496382
======
jessaustin
They seem pretty confident that they caused the SSH scanning kiddies to stop
their rooting. It seems likely that they just got more subtle with their
scans, so they're not on the radar anymore. It's a nice PSA to remind us all
to disable password auth on SSH.

------
daveloyall
I can't quite put my finger on it, but there's something troubling about this.

How was the "sinkhole" implemented?

Did they just block ssh out of some countries?

Are they looking inside packets to tell the difference between the automated
scanners and legit traffic?

Does Cicso own an ISP?

Who are "some other large ISPs"?

