[ale] [OT] Chinese brute-force network?

Dustin Strickland dustin.h.strickland at gmail.com
Thu May 29 16:03:17 EDT 2014


I usually don't do this, but I feel oddly compelled to ask. Over the
past 3 days (and perhaps longer than that, but my logs were wiped on a
reboot) I've been getting failed SSH login attempts in my logs from a
bunch of different IPs in the range 116.10.191.1-254. I thought this
was really unusual; typically, you'll get a few attempts over the
course of 15 minutes to a few hours from ONE IP, but this has been going
on steady for days. After researching a bit to try to find who owns this
network, I found this:
http://bannedhackersips.blogspot.com/2014/05/fail2ban-ssh-banned-11610191211_7510.html

`grep 116.10.191. /var/log/auth.log -c` returns 2920. Can you guys
check your logs and post the results (and speculation)? Something isn't
right about this, I think.
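
Added example, not part of the original post: a single grep count or a per-address ban does not show the pattern described above, many sources inside one /24, so this sketch groups sshd "Failed password" lines by /24 and reports attempts and distinct source addresses per subnet. The log lines are constructed samples and the function names `ssh_fail_by_subnet` and `sample_log` are hypothetical.

```shell
#!/bin/sh
# Summarise failed SSH password attempts per /24 (IPv4 only).
# Output columns: subnet, failed attempts, distinct source addresses.
ssh_fail_by_subnet() {
    awk '
    # The source address is taken by position from the END of the line
    # ("... from <ip> port <n> ssh2"), because the user name is chosen by
    # the client and may itself contain spaces or the word "from".
    /sshd\[[0-9]+\]: Failed password for / && $(NF-2) == "port" && $(NF-4) == "from" {
        ip = $(NF-3)
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split(ip, o, ".")
        net = o[1] "." o[2] "." o[3] ".0/24"
        attempts[net]++
        if (!((net, ip) in seen)) { seen[net, ip] = 1; hosts[net]++ }
    }
    END { for (n in attempts) print n, attempts[n], hosts[n] }
    ' "$@" | sort -k2,2nr -k1,1
}

# Constructed sample lines in the usual auth.log layout. The fifth line has a
# user name containing "from <address>" to exercise the parsing rule above.
sample_log() {
    cat <<'EOF'
May 29 15:01:02 host sshd[2101]: Failed password for root from 116.10.191.211 port 4242 ssh2
May 29 15:01:05 host sshd[2103]: Failed password for root from 116.10.191.170 port 5310 ssh2
May 29 15:01:09 host sshd[2105]: Failed password for invalid user admin from 116.10.191.211 port 4250 ssh2
May 29 15:01:12 host sshd[2107]: Failed password for root from 116.10.191.9 port 3391 ssh2
May 29 15:02:30 host sshd[2110]: Failed password for invalid user from 192.0.2.7 from 198.51.100.20 port 2200 ssh2
May 29 15:03:00 host sshd[2112]: Accepted publickey for alice from 192.0.2.50 port 50122 ssh2
EOF
}

# Run against the sample; pass a real file instead, e.g.
#   ssh_fail_by_subnet /var/log/auth.log
sample_log | ssh_fail_by_subnet
```

A subnet with a high attempt count spread over many distinct addresses is the case where banning the whole /24 at the firewall is more effective than banning addresses one at a time.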

