[ale] [OT] Chinese brute-force network?

Chuck Payne terrorpup at gmail.com
Thu May 29 16:48:14 EDT 2014


If it helps, here are the ones attacking lately


Prefix        Attempts
116.10.191    40
61.174.51     34
119.188.7     9

Hope that helps.


On Thu, May 29, 2014 at 4:44 PM, Chuck Payne <terrorpup at gmail.com> wrote:

> Dustin,
>
> I had to do the same thing.  I did iptables and route, just to make sure
> they are blocked.
>
> Chuck
>
>
> On Thu, May 29, 2014 at 4:40 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
>
>> Sounds like a new dev/null IP range.
>> I get hit at home by a few hundred a week. Once I took the time to sort
>> by time and noticed the incoming IP order matched nearly every day. I just
>> dropped in fail2ban and the noise level went way down.
>>  On May 29, 2014 4:05 PM, "Dustin Strickland" <
>> dustin.h.strickland at gmail.com> wrote:
>>
>>> I usually don't do this, but I feel oddly compelled to ask. Over the
>>> past 3 days (and perhaps longer than that, but my logs were wiped on a
>>> reboot) I've been getting failed SSH login attempts in my logs from a
>>> bunch of different IPs in the range 116.10.191.1-254. I thought this
>>> was really unusual; typically, you'll get a few attempts over the
>>> course of 15 minutes to a few hours from ONE IP, but this has been going
>>> on steady for days. After researching a bit to try to find who owns this
>>> network, I found this:
>>>
>>> http://bannedhackersips.blogspot.com/2014/05/fail2ban-ssh-banned-11610191211_7510.html
>>>
>>> `grep 116.10.191. /var/log/auth.log -c` returns 2920. Can you guys
>>> check your logs and post the results (and speculation)? Something isn't
>>> right about this, I think.
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>> http://mail.ale.org/mailman/listinfo/ale
>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>> http://mail.ale.org/mailman/listinfo
>>>
>>
>>
>
>
> --
> Terror PUP a.k.a
> Chuck "PUP" Payne
>
> (678) 636-9678
> -----------------------------------------
> Discover it! Enjoy it! Share it! openSUSE Linux.
> -----------------------------------------
> openSUSE -- en.opensuse.org/User:Terrorpup
> openSUSE Ambassador/openSUSE Member
> Community Manager -- Southeast Linux Foundation (SELF)
> skype,twitter,identica,friendfeed -- terrorpup
> freenode(irc) --terrorpup/lupinstein
> Register Linux Userid: 155363
>
> Have you tried SUSE Studio? Need to create a Live CD,  an app you want to
> package and distribute , or create your own linux distro. Give SUSE Studio
> a try. www.susestudio.com.
> See you at Southeast Linux Fest, June 7-9, 2013 in Charlotte, NC.
> www.southeastlinuxfest.org
>



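
Added example, not part of the original thread: one way to produce the per-prefix attempt counts discussed above, counting only sshd "Failed password" events and the distinct hosts behind each /24 instead of every log line that mentions the prefix. It assumes the Debian/Ubuntu auth.log line format; the function names and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in auth.log format. The /24 prefixes are the ones named
# in the thread; host octets, ports, PIDs and usernames are made up.
SAMPLE_LOG = """\
May 29 03:12:01 host sshd[2101]: Failed password for root from 116.10.191.166 port 4312 ssh2
May 29 03:12:03 host sshd[2101]: Failed password for root from 116.10.191.166 port 4312 ssh2
May 29 03:12:04 host sshd[2101]: Connection closed by 116.10.191.166 [preauth]
May 29 03:13:40 host sshd[2107]: Failed password for invalid user admin from 116.10.191.211 port 1422 ssh2
May 29 03:15:09 host sshd[2111]: Failed password for root from 61.174.51.207 port 5120 ssh2
May 29 03:15:10 host sshd[2111]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.174.51.207  user=root
May 29 03:20:55 host sshd[2120]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
May 29 03:21:30 host sshd[2125]: Failed password for root from 116.10.191.223 port 3390 ssh2
"""

# One match per failed attempt; follow-up PAM and disconnect lines are ignored.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port"
)

def failures_by_prefix(lines):
    """Return {first three octets: (failed attempts, distinct source hosts)}."""
    attempts = defaultdict(int)
    hosts = defaultdict(set)
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        ip = m.group(1)
        prefix = ip.rsplit(".", 1)[0]
        attempts[prefix] += 1
        hosts[prefix].add(ip)
    return {p: (attempts[p], len(hosts[p])) for p in attempts}

def lines_mentioning(prefix, lines):
    """Literal substring count, the fixed-string equivalent of `grep -c`."""
    return sum(prefix in line for line in lines)

def report(stats):
    """Format rows sorted by attempt count, busiest prefix first."""
    rows = sorted(stats.items(), key=lambda kv: kv[1][0], reverse=True)
    return [f"{p}.0/24  attempts={a}  hosts={h}" for p, (a, h) in rows]

if __name__ == "__main__":
    print("\n".join(report(failures_by_prefix(SAMPLE_LOG.splitlines()))))
```

A prefix with many distinct hosts and a steady attempt rate is the distributed pattern described in the thread, and the same prefix list can feed a fail2ban or iptables block.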