And the SSH probes continue and continue ... / 2014-07-22

2014-07-22 And the SSH probes continue and continue ...
And the SSH probes continue and continue:
2014-07-13 07:47:18,122 fail2ban.actions: WARNING [ssh] Ban 61.174.51.208
2014-07-13 09:20:07,562 fail2ban.actions: WARNING [ssh] Ban 61.174.51.194
2014-07-13 09:41:01,783 fail2ban.actions: WARNING [ssh] Ban 61.174.51.223
2014-07-13 11:43:10,043 fail2ban.actions: WARNING [ssh] Ban 61.174.51.225
2014-07-13 17:20:16,882 fail2ban.actions: WARNING [ssh] Ban 61.174.50.163
2014-07-14 02:54:58,622 fail2ban.actions: WARNING [ssh] Ban 61.174.51.196
2014-07-14 05:05:52,832 fail2ban.actions: WARNING [ssh] Ban 61.174.51.203
2014-07-14 07:54:18,092 fail2ban.actions: WARNING [ssh] Ban 61.174.51.201
2014-07-14 13:45:12,782 fail2ban.actions: WARNING [ssh] Ban 61.174.50.235
2014-07-15 09:22:01,502 fail2ban.actions: WARNING [ssh] Ban 61.174.50.224
2014-07-15 19:23:42,842 fail2ban.actions: WARNING [ssh] Ban 61.174.51.232
2014-07-16 10:17:39,692 fail2ban.actions: WARNING [ssh] Ban 61.174.51.228
2014-07-16 13:05:21,982 fail2ban.actions: WARNING [ssh] Ban 61.174.51.215
2014-07-17 00:51:48,652 fail2ban.actions: WARNING [ssh] Ban 61.174.51.229
2014-07-19 03:12:20,776 fail2ban.actions: WARNING [ssh] Ban 61.174.51.223
2014-07-19 04:53:51,005 fail2ban.actions: WARNING [ssh] Ban 61.174.51.219
2014-07-19 05:13:03,234 fail2ban.actions: WARNING [ssh] Ban 61.174.51.229
2014-07-19 07:37:06,476 fail2ban.actions: WARNING [ssh] Ban 61.174.51.221
2014-07-19 09:53:11,715 fail2ban.actions: WARNING [ssh] Ban 61.174.51.209
2014-07-19 10:08:58,916 fail2ban.actions: WARNING [ssh] Ban 61.174.51.230
2014-07-19 13:21:00,134 fail2ban.actions: WARNING [ssh] Ban 61.174.51.194
2014-07-19 22:47:38,414 fail2ban.actions: WARNING [ssh] Ban 61.174.50.235
2014-07-19 23:06:44,675 fail2ban.actions: WARNING [ssh] Ban 61.174.51.234
2014-07-20 10:42:04,344 fail2ban.actions: WARNING [ssh] Ban 61.174.51.219
2014-07-20 15:06:40,684 fail2ban.actions: WARNING [ssh] Ban 61.174.51.234
2014-07-20 15:32:57,054 fail2ban.actions: WARNING [ssh] Ban 61.174.50.224
2014-07-20 18:10:09,264 fail2ban.actions: WARNING [ssh] Ban 61.174.51.199
2014-07-20 22:15:55,615 fail2ban.actions: WARNING [ssh] Ban 61.174.51.216
2014-07-20 23:43:12,894 fail2ban.actions: WARNING [ssh] Ban 61.174.51.211
2014-07-21 10:45:26,294 fail2ban.actions: WARNING [ssh] Ban 61.174.51.209
2014-07-21 13:57:00,675 fail2ban.actions: WARNING [ssh] Ban 61.174.51.196
2014-07-21 16:44:57,894 fail2ban.actions: WARNING [ssh] Ban 61.174.51.194
2014-07-21 18:01:31,085 fail2ban.actions: WARNING [ssh] Ban 61.174.51.203
2014-07-22 07:40:48,284 fail2ban.actions: WARNING [ssh] Ban 61.174.51.231
Noted before a month ago: An interesting pattern in ssh attempts showing up from China.

Update 2014-07-25:
It's also notable the attackers compensate for fail2ban. IPs that are blocked by fail2ban need only a few syn packets to find out.
# iptables -L fail2ban-SSH -nvx | grep 61.174.5
       3      144 DROP       all  --  *      *       61.174.51.211        0.0.0.0/0
       3      144 DROP       all  --  *      *       61.174.51.201        0.0.0.0/0
       8      320 DROP       all  --  *      *       61.174.51.205        0.0.0.0/0
       4      184 DROP       all  --  *      *       61.174.51.228        0.0.0.0/0
       1       40 DROP       all  --  *      *       61.174.51.234        0.0.0.0/0
       4      184 DROP       all  --  *      *       61.174.51.221        0.0.0.0/0
       0        0 DROP       all  --  *      *       61.174.51.223        0.0.0.0/0
       5      224 DROP       all  --  *      *       61.174.51.208        0.0.0.0/0
       3      144 DROP       all  --  *      *       61.174.51.214        0.0.0.0/0

Tags: ,

IPv6 check

Running test...
, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred. PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers

RSS
Meningen zijn die van mezelf, wat ik schrijf is beschermd door auteursrecht. Sommige publicaties bevatten een expliciete vermelding dat ze ongevraagd gedeeld mogen worden.
My opinions are my own, what I write is protected by copyrights. Some publications contain an explicit license statement which allows sharing without asking permission.
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated by $Id: newsitem.cgi,v 1.57 2022/02/15 21:48:18 koos Exp $ in 0.005969 seconds.