trolling DSL/cable IP blocks vs the rest of the internets
I checked my sshdfilter SSHD table the other day on 2 boxes: one at our data center, and another on our office DSL, each machine having gone online within a few hours of each other.
The latter had something like 4x as many entries as the former. Which leads me to my question: are the Bad Guys specifically trolling known DSL (and ostensibly cable) IP blocks, assuming more/easier pickings? The logs also show the usual massive run of web attacks, although I don’t have stats for comparison.
Is this normal?
