<div dir="ltr">Dustin, <div><br></div><div>I had to do the same thing. I did iptables and route, just to make sure they are blocked. </div><div><br></div><div>Chuck</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Thu, May 29, 2014 at 4:40 PM, Jim Kinney <span dir="ltr"><<a href="mailto:jim.kinney@gmail.com" target="_blank">jim.kinney@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p dir="ltr">Sounds like a new dev/null IP range.<br>
I get hit at home by a few hundred a week. Once I took the time to sort by time and noticed the incoming IP order matched nearly every day. I just dropped in fail2ban and the noise level went way down.</p><div class="HOEnZb">
<div class="h5">
<div class="gmail_quote">On May 29, 2014 4:05 PM, "Dustin Strickland" <<a href="mailto:dustin.h.strickland@gmail.com" target="_blank">dustin.h.strickland@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I usuallly don't do this, but I feel oddly compelled to ask. Over the<br>
past 3 days(and perhaps longer than that, but my logs were wiped on a<br>
reboot) I've been getting failed SSH login attempts in my logs from a<br>
bunch of different IPs in the range 116.10.191.1-254. I thought this<br>
was really unusual; typically, you'll get a few attempts over the<br>
course of 15 minutes to a few hours from ONE IP, but this has been going<br>
on steady for days. After researching a bit to try to find who owns this<br>
network, I found this:<br>
<a href="http://bannedhackersips.blogspot.com/2014/05/fail2ban-ssh-banned-11610191211_7510.html" target="_blank">http://bannedhackersips.blogspot.com/2014/05/fail2ban-ssh-banned-11610191211_7510.html</a><br>
<br>
`grep 116.10.191. /var/log/auth.log -c` returns 2920. Can you guys<br>
check your logs and post the results(and specultation)? Something isn't<br>
right about this, I think.<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</blockquote></div>
</div></div><br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Terror PUP a.k.a<br>Chuck "PUP" Payne<br> <br>(678) 636-9678<br>-----------------------------------------<br>Discover it! Enjoy it! Share it! openSUSE Linux.<br>
-----------------------------------------<br>openSUSE -- <a href="http://en.opensuse.org/User:Terrorpup" target="_blank">en.opensuse.org/User:Terrorpup</a><br>openSUSE Ambassador/openSUSE Member<br>Community Manager -- Southeast Linux Foundation (SELF)<br>
skype,twiiter,identica,friendfeed -- terrorpup<br>freenode(irc) --terrorpup/lupinstein<br>Register Linux Userid: 155363<br> <br>Have you tried SUSE Studio? Need to create a Live CD, an app you want to package and distribute , or create your own linux distro. Give SUSE Studio a try. <a href="http://www.susestudio.com" target="_blank">www.susestudio.com</a>.<br>
See you at Southeast Linux Fest, June 7-9, 2013 in Charlotte, NC. <a href="http://www.southeastlinuxfest.org" target="_blank">www.southeastlinuxfest.org</a>
</div>