All posts by drmike

[Fail2Ban] ssh: banned 222.242.105.93

Hi,

The IP 222.242.105.93 has just been banned by Fail2Ban after
6 attempts against ssh.

Here are more information about 222.242.105.93:

% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to '222.240.0.0 - 222.247.255.255'

inetnum: 222.240.0.0 - 222.247.255.255
netname: CHINANET-HN
descr: CHINANET Hunan province network
descr: China Telecom
descr: No1,jin-rong Street
descr: Beijing 100032
country: CN
admin-c: CH93-AP
tech-c: YX69-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-HN
mnt-routes: MAINT-CHINANET-HN
status: ALLOCATED PORTABLE
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed@apnic.net 20040326
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: anti-spam@ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: dingsy@cndata.com 20070416
changed: zhengzm@gsta.com 20140227
mnt-by: MAINT-CHINANET
source: APNIC

person: Yali Xiao
address: Hunan Data Communication Bureau No.9 middle wuyi road ChangSha city,Hunan ,P.R.China 410011
country: CN
phone: +86-731-2260079
fax-no: +86-731-2265549
e-mail: liul@hnpta.net.cn
nic-hdl: YX69-AP
mnt-by: MAINT-CHINANET-HUNAN
changed: liul@hndcb.hnpta.net.cn 20010523
source: APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS2)

Lines containing IP:222.242.105.93 in /var/log/auth.log

Apr 27 08:29:10 vps3 sshd[6074]: Invalid user a from 222.242.105.93
Apr 27 08:29:10 vps3 sshd[6074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.105.93
Apr 27 08:29:12 vps3 sshd[6074]: Failed password for invalid user a from 222.242.105.93 port 39781 ssh2
Apr 27 08:29:12 vps3 sshd[6074]: Received disconnect from 222.242.105.93: 11: Bye Bye [preauth]
Apr 27 08:29:15 vps3 sshd[6076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.105.93 user=root
Apr 27 08:29:16 vps3 sshd[6076]: Failed password for root from 222.242.105.93 port 41187 ssh2
Apr 27 08:29:17 vps3 sshd[6076]: Received disconnect from 222.242.105.93: 11: Bye Bye [preauth]
Apr 27 08:29:19 vps3 sshd[6078]: Invalid user postgres from 222.242.105.93
Apr 27 08:29:19 vps3 sshd[6078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.105.93
Apr 27 08:29:21 vps3 sshd[6078]: Failed password for invalid user postgres from 222.242.105.93 port 42645 ssh2
Apr 27 08:29:21 vps3 sshd[6078]: Received disconnect from 222.242.105.93: 11: Bye Bye [preauth]
Apr 27 08:29:24 vps3 sshd[6080]: Invalid user nagios from 222.242.105.93
Apr 27 08:29:24 vps3 sshd[6080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.105.93

[Fail2Ban] ssh: banned 54.205.49.5

Hi,

The IP 54.205.49.5 has just been banned by Fail2Ban after
22 attempts against ssh.

Here are more information about 54.205.49.5:

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=54.205.49.5?showDetails=true&showARIN=false&ext=netref2
#

# start

NetRange: 54.204.0.0 - 54.205.255.255
CIDR: 54.204.0.0/15
OriginAS: AS16509
NetName: AMAZO-ZIAD7
NetHandle: NET-54-204-0-0-1
Parent: NET-54-192-0-0-1
NetType: Reallocated
RegDate: 2013-07-17
Updated: 2013-07-17
Ref: http://whois.arin.net/rest/net/NET-54-204-0-0-1

OrgName: Amazon.com, Inc.
OrgId: AMAZO-4
Address: Amazon Web Services, Elastic Compute Cloud, EC2
Address: 1200 12th Avenue South
City: Seattle
StateProv: WA
PostalCode: 98144
Country: US
RegDate: 2005-09-29
Updated: 2009-06-02
Comment: For details of this service please see
Comment: http://ec2.amazonaws.com/
Ref: http://whois.arin.net/rest/org/AMAZO-4

OrgTechHandle: ANO24-ARIN
OrgTechName: Amazon EC2 Network Operations
OrgTechPhone: +1-206-266-4064
OrgTechEmail: aes-noc@amazon.com
OrgTechRef: http://whois.arin.net/rest/poc/ANO24-ARIN

OrgAbuseHandle: AEA8-ARIN
OrgAbuseName: Amazon EC2 Abuse
OrgAbusePhone: +1-206-266-4064
OrgAbuseEmail: ec2-abuse@amazon.com
OrgAbuseRef: http://whois.arin.net/rest/poc/AEA8-ARIN

# end

# start

NetRange: 54.192.0.0 - 54.207.255.255
CIDR: 54.192.0.0/12
OriginAS: AS16509
NetName: AMAZON-2011L
NetHandle: NET-54-192-0-0-1
Parent: NET-54-0-0-0-0
NetType: Direct Allocation
RegDate: 2013-06-19
Updated: 2013-06-19
Ref: http://whois.arin.net/rest/net/NET-54-192-0-0-1

OrgName: Amazon Technologies Inc.
OrgId: AT-88-Z
Address: 410 Terry Ave N.
City: Seattle
StateProv: WA
PostalCode: 98109
Country: US
RegDate: 2011-12-08
Updated: 2012-01-06
Comment: All abuse reports MUST include:
Comment: * src IP
Comment: * dest IP (your IP)
Comment: * dest port
Comment: * Accurate date/timestamp and timezone of activity
Comment: * Intensity/frequency (short log extracts)
Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.
Ref: http://whois.arin.net/rest/org/AT-88-Z

OrgTechHandle: ROLEA19-ARIN
OrgTechName: Role Account
OrgTechPhone: +1-206-266-4064
OrgTechEmail: noc@amazon.com
OrgTechRef: http://whois.arin.net/rest/poc/ROLEA19-ARIN

OrgNOCHandle: AANO1-ARIN
OrgNOCName: Amazon AWS Network Operations
OrgNOCPhone: +1-206-266-2178
OrgNOCEmail: aes-noc@amazon.com
OrgNOCRef: http://whois.arin.net/rest/poc/AANO1-ARIN

OrgAbuseHandle: ROLEA19-ARIN
OrgAbuseName: Role Account
OrgAbusePhone: +1-206-266-4064
OrgAbuseEmail: noc@amazon.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ROLEA19-ARIN

OrgTechHandle: AANO1-ARIN
OrgTechName: Amazon AWS Network Operations
OrgTechPhone: +1-206-266-2178
OrgTechEmail: aes-noc@amazon.com
OrgTechRef: http://whois.arin.net/rest/poc/AANO1-ARIN

OrgTechHandle: AC6-ORG-ARIN
OrgTechName: Amazon-com Incoroporated
OrgTechPhone: +1-206-266-4064
OrgTechEmail: NOC@amazon.com
OrgTechRef: http://whois.arin.net/rest/poc/AC6-ORG-ARIN

OrgNOCHandle: AC6-ORG-ARIN
OrgNOCName: Amazon-com Incoroporated
OrgNOCPhone: +1-206-266-4064
OrgNOCEmail: NOC@amazon.com
OrgNOCRef: http://whois.arin.net/rest/poc/AC6-ORG-ARIN

OrgNOCHandle: ROLEA19-ARIN
OrgNOCName: Role Account
OrgNOCPhone: +1-206-266-4064
OrgNOCEmail: noc@amazon.com
OrgNOCRef: http://whois.arin.net/rest/poc/ROLEA19-ARIN

OrgAbuseHandle: AANO1-ARIN
OrgAbuseName: Amazon AWS Network Operations
OrgAbusePhone: +1-206-266-2178
OrgAbuseEmail: aes-noc@amazon.com
OrgAbuseRef: http://whois.arin.net/rest/poc/AANO1-ARIN

# end

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

Lines containing IP:54.205.49.5 in /var/log/auth.log

Apr 27 04:58:55 vps3 sshd[4838]: Invalid user support from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4842]: Invalid user admin from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4840]: Invalid user ubnt from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4846]: Invalid user D-Link from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4853]: Invalid user cisco from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4844]: Invalid user PlcmSpIp from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4847]: Invalid user admin from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4848]: Invalid user admin from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4849]: Invalid user draytek from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4856]: Invalid user helen from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4839]: Invalid user admin from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4845]: Invalid user admin from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4852]: Invalid user test from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4850]: Invalid user guest from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4843]: Invalid user PlcmSpIp from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4872]: Invalid user majordomo from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4873]: Invalid user george from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com user=root
Apr 27 04:58:55 vps3 sshd[4841]: Invalid user adm from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:56 vps3 sshd[4842]: Failed password for invalid user admin from 54.205.49.5 port 38123 ssh2
Apr 27 04:58:56 vps3 sshd[4853]: Failed password for invalid user cisco from 54.205.49.5 port 38139 ssh2
Apr 27 04:58:56 vps3 sshd[4840]: Failed password for invalid user ubnt from 54.205.49.5 port 38122 ssh2
Apr 27 04:58:56 vps3 sshd[4846]: Failed password for invalid user D-Link from 54.205.49.5 port 38127 ssh2
Apr 27 04:58:56 vps3 sshd[4847]: Failed password for invalid user admin from 54.205.49.5 port 38128 ssh2
Apr 27 04:58:56 vps3 sshd[4848]: Failed password for invalid user admin from 54.205.49.5 port 38130 ssh2
Apr 27 04:58:56 vps3 sshd[4844]: Failed password for invalid user PlcmSpIp from 54.205.49.5 port 38125 ssh2
Apr 27 04:58:56 vps3 sshd[4838]: Failed password for invalid user support from 54.205.49.5 port 38121 ssh2
Apr 27 04:58:56 vps3 sshd[4849]: Failed password for invalid user draytek from 54.205.49.5 port 38132 ssh2
Apr 27 04:58:56 vps3 sshd[4856]: Failed password for invalid user helen from 54.205.49.5 port 38143 ssh2
Apr 27 04:58:56 vps3 sshd[4839]: Failed password for invalid user admin from 54.205.49.5 port 38120 ssh2
Apr 27 04:58:56 vps3 sshd[4845]: Failed password for invalid user admin from 54.205.49.5 port 38129 ssh2
Apr 27 04:58:56 vps3 sshd[4852]: Failed password for invalid user test from 54.205.49.5 port 38137 ssh2
Apr 27 04:58:56 vps3 sshd[4850]: Failed password for invalid user guest from 54.205.49.5 port 38134 ssh2
Apr 27 04:58:56 vps3 sshd[4853]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4846]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4842]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4843]: Failed password for invalid user PlcmSpIp from 54.205.49.5 port 38124 ssh2
Apr 27 04:58:56 vps3 sshd[4840]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4847]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4844]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4848]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4838]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4856]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4849]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4839]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4845]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4852]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4850]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4843]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4872]: Failed password for invalid user majordomo from 54.205.49.5 port 38155 ssh2
Apr 27 04:58:56 vps3 sshd[4872]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4873]: Failed password for invalid user george from 54.205.49.5 port 38156 ssh2
Apr 27 04:58:56 vps3 sshd[4851]: Failed password for root from 54.205.49.5 port 38136 ssh2
Apr 27 04:58:56 vps3 sshd[4873]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4841]: Failed password for invalid user adm from 54.205.49.5 port 38126 ssh2
Apr 27 04:58:56 vps3 sshd[4851]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4841]: Connection closed by 54.205.49.5 [preauth]

[Fail2Ban] ssh: banned 87.98.252.201

Hi,

The IP 87.98.252.201 has just been banned by Fail2Ban after
7 attempts against ssh.

Here are more information about 87.98.252.201:

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '87.98.252.0 - 87.98.253.255'

% Abuse contact for '87.98.252.0 - 87.98.253.255' is 'abuse@ovh.net'

inetnum: 87.98.252.0 - 87.98.253.255
netname: BE-OVH
descr: OVH BE
country: BE
org: ORG-OB10-RIPE
admin-c: OK217-RIPE
tech-c: OTC2-RIPE
status: ASSIGNED PA
mnt-by: OVH-MNT
source: RIPE # Filtered

organisation: ORG-OB10-RIPE
org-name: OVH BE
org-type: OTHER
address: InterXion Belgium N.V.
address: Wezembeekstraat 2
address: 1930 Zaventem
address: Belgium
abuse-mailbox: abuse@ovh.net
mnt-ref: OVH-MNT
mnt-by: OVH-MNT
source: RIPE # Filtered

role: OVH Technical Contact
address: OVH SAS
address: 2 rue Kellermann
address: 59100 Roubaix
address: France
admin-c: OK217-RIPE
tech-c: GM84-RIPE
nic-hdl: OTC2-RIPE
abuse-mailbox: abuse@ovh.net
mnt-by: OVH-MNT
source: RIPE # Filtered

person: Octave Klaba
address: OVH SAS
address: 2 rue Kellermann
address: 59100 Roubaix
address: France
phone: +33 9 74 53 13 23
nic-hdl: OK217-RIPE
abuse-mailbox: abuse@ovh.net
mnt-by: OVH-MNT
source: RIPE # Filtered

% Information related to '87.98.128.0/17AS16276'

route: 87.98.128.0/17
descr: OVH ISP
descr: Paris, France
origin: AS16276
mnt-by: OVH-MNT
source: RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.72 (DBC-WHOIS1)

Lines containing IP:87.98.252.201 in /var/log/auth.log

Apr 26 21:46:52 vps3 sshd[3312]: Failed password for root from 87.98.252.201 port 50578 ssh2
Apr 26 21:46:52 vps3 sshd[3312]: Received disconnect from 87.98.252.201: 11: Bye Bye [preauth]
Apr 26 21:46:53 vps3 sshd[3314]: Invalid user ghost from 87.98.252.201
Apr 26 21:46:55 vps3 sshd[3314]: Failed password for invalid user ghost from 87.98.252.201 port 52990 ssh2
Apr 26 21:46:55 vps3 sshd[3314]: Received disconnect from 87.98.252.201: 11: Bye Bye [preauth]
Apr 26 21:46:58 vps3 sshd[3316]: Failed password for root from 87.98.252.201 port 54702 ssh2
Apr 26 21:46:58 vps3 sshd[3316]: Received disconnect from 87.98.252.201: 11: Bye Bye [preauth]
Apr 26 21:47:00 vps3 sshd[3318]: Failed password for root from 87.98.252.201 port 56588 ssh2
Apr 26 21:47:01 vps3 sshd[3318]: Received disconnect from 87.98.252.201: 11: Bye Bye [preauth]
Apr 26 21:47:04 vps3 sshd[3320]: Failed password for root from 87.98.252.201 port 57864 ssh2
Apr 26 21:47:04 vps3 sshd[3320]: Received disconnect from 87.98.252.201: 11: Bye Bye [preauth]
Apr 26 21:47:05 vps3 sshd[3322]: Invalid user syslog from 87.98.252.201
Apr 26 21:47:07 vps3 sshd[3322]: Failed password for invalid user syslog from 87.98.252.201 port 59742 ssh2

[Fail2Ban] ssh: banned 125.132.45.34

Hi,

The IP 125.132.45.34 has just been banned by Fail2Ban after
6 attempts against ssh.

Here are more information about 125.132.45.34:

query : 125.132.45.34

# KOREAN(UTF8)

조회하신 IPv4주소는 한국인터넷진흥원으로부터 아래의 관리대행자에게 할당되었으며, 할당 정보는 다음과 같습니다.

[ 네트워크 할당 정보 ]
IPv4주소 : 125.128.0.0 - 125.159.255.255 (/11)
서비스명 : KORNET
기관명 : 주식회사 케이티
기관고유번호 : ORG1600
주소 : 경기도 성남시 분당구 불정로 90 (정자동) 한국통신 e-Biz본부 기획팀
우편번호 : 463-711
할당일자 : 20050822

[ IPv4주소 책임자 정보 ]
이름 : IP주소관리자
전화번호 : +82-2-500-6630
전자우편 : kornet_ip@kt.com

[ IPv4주소 담당자 정보 ]
이름 : IP주소담당자
전화번호 : +82-2-500-6630
전자우편 : kornet_ip@kt.com

[ 스팸 해킹 담당자 정보 ]
이름 : 스팸/해킹담당
전화번호 : +82-2-100-0000
전자우편 : abuse@kornet.net

--------------------------------------------------------------------------------

조회하신 IPv4주소에 대한 위 관리대행자의 사용자 할당정보가 존재하지 않습니다.

# ENGLISH

KRNIC is not an ISP but a National Internet Registry similar to APNIC.

[ Network Information ]
IPv4 Address : 125.128.0.0 - 125.159.255.255 (/11)
Service Name : KORNET
Organization Name : Korea Telecom
Organization ID : ORG1600
Address : 206, Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro
Zip Code : 463-711
Registration Date : 20050822

[ Admin Contact Information ]
Name : IP Administrator
Phone : +82-2-500-6630
E-Mail : kornet_ip@kt.com

[ Tech Contact Information ]
Name : IP Manager
Phone : +82-2-500-6630
E-Mail : kornet_ip@kt.com

[ Network Abuse Contact Information ]
Name : Network Abuse
Phone : +82-2-100-0000
E-Mail : abuse@kornet.net

- KISA/KRNIC Whois Service -

Lines containing IP:125.132.45.34 in /var/log/auth.log

Apr 26 02:28:00 vps3 sshd[13075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.132.45.34 user=root
Apr 26 02:28:03 vps3 sshd[13075]: Failed password for root from 125.132.45.34 port 46711 ssh2
Apr 26 02:28:03 vps3 sshd[13075]: Received disconnect from 125.132.45.34: 11: Bye Bye [preauth]
Apr 26 02:28:05 vps3 sshd[13082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.132.45.34 user=root
Apr 26 02:28:08 vps3 sshd[13082]: Failed password for root from 125.132.45.34 port 47130 ssh2
Apr 26 02:28:08 vps3 sshd[13082]: Received disconnect from 125.132.45.34: 11: Bye Bye [preauth]
Apr 26 02:28:10 vps3 sshd[13084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.132.45.34 user=root
Apr 26 02:28:12 vps3 sshd[13084]: Failed password for root from 125.132.45.34 port 47512 ssh2
Apr 26 02:28:12 vps3 sshd[13084]: Received disconnect from 125.132.45.34: 11: Bye Bye [preauth]
Apr 26 02:28:14 vps3 sshd[13086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.132.45.34 user=root
Apr 26 02:28:16 vps3 sshd[13086]: Failed password for root from 125.132.45.34 port 47925 ssh2
Apr 26 02:28:16 vps3 sshd[13086]: Received disconnect from 125.132.45.34: 11: Bye Bye [preauth]
Apr 26 02:28:18 vps3 sshd[13088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.132.45.34 user=root
Apr 26 02:28:21 vps3 sshd[13088]: Failed password for root from 125.132.45.34 port 48307 ssh2
Apr 26 02:28:21 vps3 sshd[13088]: Received disconnect from 125.132.45.34: 11: Bye Bye [preauth]
Apr 26 02:28:23 vps3 sshd[13090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.132.45.34 user=root
Apr 26 02:28:26 vps3 sshd[13090]: Failed password for root from 125.132.45.34 port 48676 ssh2
Apr 26 02:28:26 vps3 sshd[13090]: Received disconnect from 125.132.45.34: 11: Bye Bye [preauth]

[Fail2Ban] ssh: banned 60.173.26.69

Hi,

The IP 60.173.26.69 has just been banned by Fail2Ban after
6 attempts against ssh.

Here are more information about 60.173.26.69:

% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to '60.166.0.0 - 60.175.255.255'

inetnum: 60.166.0.0 - 60.175.255.255
netname: CHINANET-AH
descr: CHINANET anhui province network
descr: China Telecom
descr: A12,Xin-Jie-Kou-Wai Street
descr: Beijing 100088
country: CN
admin-c: CH93-AP
tech-c: JW89-AP
mnt-by: APNIC-HM
mnt-routes: MAINT-CHINANET-AH
mnt-lower: MAINT-CHINANET-AH
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20040721
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: anti-spam@ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: dingsy@cndata.com 20070416
changed: zhengzm@gsta.com 20140227
mnt-by: MAINT-CHINANET
source: APNIC

person: Jinneng Wang
address: 17/F, Postal Building No.120 Changjiang
address: Middle Road, Hefei, Anhui, China
country: CN
phone: +86-551-2659073
fax-no: +86-551-2659287
e-mail: ahdata@189.cn
nic-hdl: JW89-AP
mnt-by: MAINT-CHINANET-AH
changed: wang@mail.hf.ah.cninfo.net 19990818
changed: hm-changed@apnic.net 20140221
source: APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS2)

Lines containing IP:60.173.26.69 in /var/log/auth.log

Apr 25 19:31:41 vps3 sshd[11271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.69 user=root
Apr 25 19:31:43 vps3 sshd[11271]: Failed password for root from 60.173.26.69 port 13398 ssh2
Apr 25 19:31:43 vps3 sshd[11271]: Received disconnect from 60.173.26.69: 11: Normal Shutdown, Thank you for playing [preauth]
Apr 25 19:31:45 vps3 sshd[11273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.69 user=root
Apr 25 19:31:46 vps3 sshd[11273]: Failed password for root from 60.173.26.69 port 14250 ssh2
Apr 25 19:31:46 vps3 sshd[11273]: Received disconnect from 60.173.26.69: 11: Normal Shutdown, Thank you for playing [preauth]
Apr 25 19:31:48 vps3 sshd[11275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.69 user=root
Apr 25 19:31:50 vps3 sshd[11275]: Failed password for root from 60.173.26.69 port 15008 ssh2
Apr 25 19:31:50 vps3 sshd[11275]: Received disconnect from 60.173.26.69: 11: Normal Shutdown, Thank you for playing [preauth]
Apr 25 19:31:52 vps3 sshd[11277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.69 user=root
Apr 25 19:31:54 vps3 sshd[11277]: Failed password for root from 60.173.26.69 port 15848 ssh2
Apr 25 19:31:54 vps3 sshd[11277]: Received disconnect from 60.173.26.69: 11: Normal Shutdown, Thank you for playing [preauth]
Apr 25 19:31:56 vps3 sshd[11280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.69 user=root
Apr 25 19:31:58 vps3 sshd[11280]: Failed password for root from 60.173.26.69 port 16657 ssh2
Apr 25 19:31:58 vps3 sshd[11280]: Received disconnect from 60.173.26.69: 11: Normal Shutdown, Thank you for playing [preauth]
Apr 25 19:32:00 vps3 sshd[11282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.69 user=root
Apr 25 19:32:01 vps3 sshd[11282]: Failed password for root from 60.173.26.69 port 17537 ssh2
Apr 25 19:32:02 vps3 sshd[11282]: Received disconnect from 60.173.26.69: 11: Normal Shutdown, Thank you for playing [preauth]
Apr 25 19:32:03 vps3 sshd[11284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.173.26.69 user=root

[Fail2Ban] ssh: banned 168.63.211.215

Hi,

The IP 168.63.211.215 has just been banned by Fail2Ban after
6 attempts against ssh.

Here are more information about 168.63.211.215:

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=168.63.211.215?showDetails=true&showARIN=false&ext=netref2
#

NetRange: 168.61.0.0 - 168.63.255.255
CIDR: 168.62.0.0/15, 168.61.0.0/16
OriginAS:
NetName: MICROSOFT
NetHandle: NET-168-61-0-0-1
Parent: NET-168-0-0-0-0
NetType: Direct Assignment
RegDate: 2011-06-22
Updated: 2013-08-20
Ref: http://whois.arin.net/rest/net/NET-168-61-0-0-1

OrgName: Microsoft Corp
OrgId: MSFT-Z
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 2011-06-22
Updated: 2013-10-03
Comment: To report suspected security issues specific to
Comment: traffic emanating from Microsoft online services,
Comment: including the distribution of malicious content
Comment: or other illicit or illegal material through a
Comment: Microsoft online service, please submit reports
Comment: to:
Comment: * https://cert.microsoft.com.
Comment:
Comment: For SPAM and other abuse issues, such as Microsoft
Comment: Accounts, please contact:
Comment: * abuse@microsoft.com.
Comment:
Comment: To report security vulnerabilities in Microsoft
Comment: products and services, please contact:
Comment: * secure@microsoft.com.
Comment:
Comment: For legal and law enforcement-related requests,
Comment: please contact:
Comment: * msndcc@microsoft.com
Comment:
Comment: For routing, peering or DNS issues, please
Comment: contact:
Comment: * IOC@microsoft.com
Ref: http://whois.arin.net/rest/org/MSFT-Z

OrgTechHandle: MRPD-ARIN
OrgTechName: Microsoft Routing, Peering, and DNS
OrgTechPhone: +1-425-882-8080
OrgTechEmail: IOC@microsoft.com
OrgTechRef: http://whois.arin.net/rest/poc/MRPD-ARIN

OrgAbuseHandle: MAC74-ARIN
OrgAbuseName: Microsoft Abuse Contact
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@microsoft.com
OrgAbuseRef: http://whois.arin.net/rest/poc/MAC74-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

Lines containing IP:168.63.211.215 in /var/log/auth.log

Apr 22 17:33:59 vps3 sshd[26047]: Did not receive identification string from 168.63.211.215
Apr 22 17:34:20 vps3 sshd[26048]: Invalid user admin from 168.63.211.215
Apr 22 17:34:20 vps3 sshd[26048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.63.211.215
Apr 22 17:34:22 vps3 sshd[26048]: Failed password for invalid user admin from 168.63.211.215 port 1050 ssh2
Apr 22 17:34:42 vps3 sshd[26051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.63.211.215 user=root
Apr 22 17:34:45 vps3 sshd[26051]: Failed password for root from 168.63.211.215 port 1049 ssh2
Apr 22 17:35:19 vps3 sshd[26053]: Invalid user guest from 168.63.211.215
Apr 22 17:35:19 vps3 sshd[26053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.63.211.215
Apr 22 17:35:20 vps3 sshd[26053]: Failed password for invalid user guest from 168.63.211.215 port 1050 ssh2
Apr 22 17:36:10 vps3 sshd[26056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.63.211.215 user=uucp
Apr 22 17:36:12 vps3 sshd[26056]: Failed password for uucp from 168.63.211.215 port 1040 ssh2

Regards,

Fail2Ban

[Fail2Ban] ssh: banned 83.222.230.90

Hi,

The IP 83.222.230.90 has just been banned by Fail2Ban after
6 attempts against ssh.

Here are more information about 83.222.230.90:

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '83.222.230.0 - 83.222.231.255'

% Abuse contact for '83.222.230.0 - 83.222.231.255' is 'abuse@peer1.com'

inetnum: 83.222.230.0 - 83.222.231.255
netname: EU-PER1
descr: Peer 1 Network Enterprises Limited
country: GB
org: ORG-PNEL1-RIPE
admin-c: NOC116-RIPE
tech-c: NOC116-RIPE
status: ASSIGNED PA
mnt-by: PNE-NETADMIN-MNT
mnt-lower: PNE-NETADMIN-MNT
mnt-domains: PNE-NETADMIN-MNT
mnt-routes: PNE-NETADMIN-MNT
source: RIPE # Filtered
remarks: INFRA-AW

organisation: ORG-PNEL1-RIPE
org-name: Peer 1 Network Enterprises Limited
org-type: LIR
address: Peer 1 Network Inc. 1000-555 West Hastings Street V6B 4N5 Vancouver Canada
phone: +16046837747
fax-no: +16046834634
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: PNE-NETADMIN-MNT
mnt-by: RIPE-NCC-HM-MNT
abuse-c: PE1
source: RIPE # Filtered

person: Peer 1 Support
address: Suite 1000 – 555 West Hastings St.
address: Vancouver
address: British Columbia
address: Canada
phone: +6044842588
nic-hdl: NOC116-RIPE
mnt-by: PNE-NETADMIN-MNT
source: RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.72 (DBC-WHOIS2)

Lines containing IP:83.222.230.90 in /var/log/auth.log

Apr 22 18:37:00 vps3 sshd[26291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.222.230.90 user=root
Apr 22 18:37:02 vps3 sshd[26291]: Failed password for root from 83.222.230.90 port 53655 ssh2
Apr 22 18:37:02 vps3 sshd[26291]: Received disconnect from 83.222.230.90: 11: Bye Bye [preauth]
Apr 22 18:37:03 vps3 sshd[26293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.222.230.90 user=root
Apr 22 18:37:05 vps3 sshd[26293]: Failed password for root from 83.222.230.90 port 54675 ssh2
Apr 22 18:37:05 vps3 sshd[26293]: Received disconnect from 83.222.230.90: 11: Bye Bye [preauth]
Apr 22 18:37:06 vps3 sshd[26295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.222.230.90 user=root
Apr 22 18:37:08 vps3 sshd[26295]: Failed password for root from 83.222.230.90 port 55568 ssh2
Apr 22 18:37:08 vps3 sshd[26295]: Received disconnect from 83.222.230.90: 11: Bye Bye [preauth]
Apr 22 18:37:09 vps3 sshd[26297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.222.230.90 user=root
Apr 22 18:37:11 vps3 sshd[26297]: Failed password for root from 83.222.230.90 port 56573 ssh2
Apr 22 18:37:11 vps3 sshd[26297]: Received disconnect from 83.222.230.90: 11: Bye Bye [preauth]
Apr 22 18:37:12 vps3 sshd[26299]: Invalid user fls from 83.222.230.90
Apr 22 18:37:12 vps3 sshd[26299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.222.230.90
Apr 22 18:37:14 vps3 sshd[26299]: Failed password for invalid user fls from 83.222.230.90 port 57576 ssh2
Apr 22 18:37:14 vps3 sshd[26299]: Received disconnect from 83.222.230.90: 11: Bye Bye [preauth]
Apr 22 18:37:15 vps3 sshd[26301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.222.230.90 user=root

Regards,

Fail2Ban