Reply to post: Re: knock, knock.

Microsoft sounds the alarm on – wait for it – a Linux botnet

Peter Gathercole Silver badge

Re: knock, knock.

Most of the IoT devices running old versions of Linux will be attached to LANs behind a NAT router. This makes it impossible for someone on the Internet to even get to them to try to brute force the root password.

The only exception to this is if the IoT device uses UPnP to knock holes in the firewall and NAT protection that the router provides. But they would be NUTS to open port 22 via UPnP, even if it were possible.

I suppose that it may be possible that they run SSH on a non-standard port, and ask that to be opened via UPnP, but I would be surprised if they even did that, and if they did, it would be a case of guess-the-port before you even start the attack.

Anyway, all sensible people turn UPnP off on their router, don't they?

I monitor inbound intrusion attempts on my home network (I have a full-port redirect to a Linux firewall - which had password login disabled in the SSH config, in case you ask), and I noticed an uptick of login attempts (at its peak it was about 100 a minute, from about half-a-dozen different source addresses) using a variety of user IDs and passwords just after the new year. As a precaution, I switched off the port redirect, and I've not needed to turn it back on, so it has remained off. But there was definitely something going on. Not sure if I was being specifically targeted, but that seems a little unlikely.
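An added example, not part of the comment above: one way to measure the kind of uptick it describes (failed SSH logins per minute and the number of distinct source addresses behind them). It assumes classic OpenSSH syslog lines; the sample log, host name and addresses are constructed, and the default thresholds simply reuse the figures quoted in the comment.

```python
import re
from collections import defaultdict

# Constructed sample in the classic OpenSSH syslog format (assumed; not from the post).
SAMPLE_LOG = """\
Jan  3 02:14:01 fw sshd[811]: Invalid user admin from 203.0.113.7 port 40122
Jan  3 02:14:09 fw sshd[812]: Failed password for root from 198.51.100.23 port 51514 ssh2
Jan  3 02:14:30 fw sshd[813]: Failed password for invalid user pi from 203.0.113.7 port 40188 ssh2
Jan  3 02:14:58 fw sshd[815]: Accepted publickey for peter from 192.0.2.10 port 50022 ssh2
Jan  3 02:15:02 fw sshd[816]: Invalid user oracle from 192.0.2.99 port 33810
Jan  3 02:15:40 fw CRON[900]: pam_unix(cron:session): session opened for user root
"""

# Matches failed-authentication events only. The user name may be empty
# (sshd then logs two consecutive spaces), hence \S* rather than \S+.
EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?:Invalid user|Failed password for(?: invalid user)?)\s"
    r"(?P<user>\S*)\sfrom\s(?P<ip>\S+)\sport\s\d+"
)

def per_minute(log_text):
    """Group failed-login events by minute: event count, source IPs, user names tried."""
    buckets = defaultdict(lambda: {"events": 0, "sources": set(), "users": set()})
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # successful logins and non-sshd lines are ignored
        # Collapse syslog's day padding and drop the seconds: "Jan 3 02:14"
        minute = " ".join(m["ts"].split())[:-3]
        bucket = buckets[minute]
        bucket["events"] += 1  # counts log events, which can exceed connections
        bucket["sources"].add(m["ip"])
        bucket["users"].add(m["user"])
    return dict(buckets)

def spikes(log_text, min_events=100, min_sources=6):
    """Minutes where both the event volume and the source spread meet the thresholds."""
    return sorted(
        minute for minute, b in per_minute(log_text).items()
        if b["events"] >= min_events and len(b["sources"]) >= min_sources
    )

if __name__ == "__main__":
    for minute, b in sorted(per_minute(SAMPLE_LOG).items()):
        print(minute, b["events"], "events from", len(b["sources"]), "sources")
```

Requiring both a high event count and several distinct sources separates a distributed guessing run from one noisy host; on a server that still allows password login, an unknown user produces two log lines per try, so treat the count as an upper bound.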
