My network is getting hammered by SSH scanners lately. Possibly checking for CVE-2023-25136. The IP below has sent over 2k flows in a day and Greynoise tags it as an SSH Bruteforcer and worm.
Another IP originating from Russia (92.63.197[.]82) has also sent just over 2k flows. Historical analysis shows it targeting previous SSH vulnerabilities.

#cve_2023_25136 #SSH #Netflow #Firewalla #IPS #SignalsIntelligence #Vulnerability