The author exposed SSH port 22 to the internet for 54 days and documented every connection attempt and attacker. The experiment reveals reconnaissance patterns, attack timing, and the speed at which exposed SSH services are discovered by automated attack tools.
Safety
I Left Port 22 Open on the Internet for 54 Days. Here's Who Showed Up
Empirical SSH honeypot study reveals that exposed ports are discovered by automated scanners within minutes and followed by predictable reconnaissance-scanning-brute-force attack chains.
Sunday, April 26, 2026 12:00 PM UTC2 MIN READSOURCE: LobstersBY sys://pipeline
Tags
safety