They seem pretty confident that they caused the SSH scanning kiddies to stop their rooting. It seems likely that they just got more subtle with their scans, so they're not on the radar anymore. It's a nice PSA to remind us all to disable password auth on SSH.
I can't quite put my finger on it, but there's something troubling about this.<p>How was the "sinkhole" implemented?<p>Did they just block ssh out of some countries?<p>Are they looking inside packets to tell the difference between the automated scanners and legit traffic?<p>Does Cicso own an ISP?<p>Who are "some other large ISPs"?