[Fail2Ban] ssh: banned 54.205.49.5

Hi,

The IP 54.205.49.5 has just been banned by Fail2Ban after
22 attempts against ssh.

Here are more information about 54.205.49.5:

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=54.205.49.5?showDetails=true&showARIN=false&ext=netref2
#

# start

NetRange: 54.204.0.0 - 54.205.255.255
CIDR: 54.204.0.0/15
OriginAS: AS16509
NetName: AMAZO-ZIAD7
NetHandle: NET-54-204-0-0-1
Parent: NET-54-192-0-0-1
NetType: Reallocated
RegDate: 2013-07-17
Updated: 2013-07-17
Ref: http://whois.arin.net/rest/net/NET-54-204-0-0-1

OrgName: Amazon.com, Inc.
OrgId: AMAZO-4
Address: Amazon Web Services, Elastic Compute Cloud, EC2
Address: 1200 12th Avenue South
City: Seattle
StateProv: WA
PostalCode: 98144
Country: US
RegDate: 2005-09-29
Updated: 2009-06-02
Comment: For details of this service please see
Comment: http://ec2.amazonaws.com/
Ref: http://whois.arin.net/rest/org/AMAZO-4

OrgTechHandle: ANO24-ARIN
OrgTechName: Amazon EC2 Network Operations
OrgTechPhone: +1-206-266-4064
OrgTechEmail: aes-noc@amazon.com
OrgTechRef: http://whois.arin.net/rest/poc/ANO24-ARIN

OrgAbuseHandle: AEA8-ARIN
OrgAbuseName: Amazon EC2 Abuse
OrgAbusePhone: +1-206-266-4064
OrgAbuseEmail: ec2-abuse@amazon.com
OrgAbuseRef: http://whois.arin.net/rest/poc/AEA8-ARIN

# end

# start

NetRange: 54.192.0.0 - 54.207.255.255
CIDR: 54.192.0.0/12
OriginAS: AS16509
NetName: AMAZON-2011L
NetHandle: NET-54-192-0-0-1
Parent: NET-54-0-0-0-0
NetType: Direct Allocation
RegDate: 2013-06-19
Updated: 2013-06-19
Ref: http://whois.arin.net/rest/net/NET-54-192-0-0-1

OrgName: Amazon Technologies Inc.
OrgId: AT-88-Z
Address: 410 Terry Ave N.
City: Seattle
StateProv: WA
PostalCode: 98109
Country: US
RegDate: 2011-12-08
Updated: 2012-01-06
Comment: All abuse reports MUST include:
Comment: * src IP
Comment: * dest IP (your IP)
Comment: * dest port
Comment: * Accurate date/timestamp and timezone of activity
Comment: * Intensity/frequency (short log extracts)
Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time.
Ref: http://whois.arin.net/rest/org/AT-88-Z

OrgTechHandle: ROLEA19-ARIN
OrgTechName: Role Account
OrgTechPhone: +1-206-266-4064
OrgTechEmail: noc@amazon.com
OrgTechRef: http://whois.arin.net/rest/poc/ROLEA19-ARIN

OrgNOCHandle: AANO1-ARIN
OrgNOCName: Amazon AWS Network Operations
OrgNOCPhone: +1-206-266-2178
OrgNOCEmail: aes-noc@amazon.com
OrgNOCRef: http://whois.arin.net/rest/poc/AANO1-ARIN

OrgAbuseHandle: ROLEA19-ARIN
OrgAbuseName: Role Account
OrgAbusePhone: +1-206-266-4064
OrgAbuseEmail: noc@amazon.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ROLEA19-ARIN

OrgTechHandle: AANO1-ARIN
OrgTechName: Amazon AWS Network Operations
OrgTechPhone: +1-206-266-2178
OrgTechEmail: aes-noc@amazon.com
OrgTechRef: http://whois.arin.net/rest/poc/AANO1-ARIN

OrgTechHandle: AC6-ORG-ARIN
OrgTechName: Amazon-com Incoroporated
OrgTechPhone: +1-206-266-4064
OrgTechEmail: NOC@amazon.com
OrgTechRef: http://whois.arin.net/rest/poc/AC6-ORG-ARIN

OrgNOCHandle: AC6-ORG-ARIN
OrgNOCName: Amazon-com Incoroporated
OrgNOCPhone: +1-206-266-4064
OrgNOCEmail: NOC@amazon.com
OrgNOCRef: http://whois.arin.net/rest/poc/AC6-ORG-ARIN

OrgNOCHandle: ROLEA19-ARIN
OrgNOCName: Role Account
OrgNOCPhone: +1-206-266-4064
OrgNOCEmail: noc@amazon.com
OrgNOCRef: http://whois.arin.net/rest/poc/ROLEA19-ARIN

OrgAbuseHandle: AANO1-ARIN
OrgAbuseName: Amazon AWS Network Operations
OrgAbusePhone: +1-206-266-2178
OrgAbuseEmail: aes-noc@amazon.com
OrgAbuseRef: http://whois.arin.net/rest/poc/AANO1-ARIN

# end

Lines containing IP:54.205.49.5 in /var/log/auth.log

Apr 27 04:58:55 vps3 sshd[4838]: Invalid user support from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4842]: Invalid user admin from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4840]: Invalid user ubnt from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4846]: Invalid user D-Link from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4853]: Invalid user cisco from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4844]: Invalid user PlcmSpIp from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4847]: Invalid user admin from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4848]: Invalid user admin from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4849]: Invalid user draytek from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4856]: Invalid user helen from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4839]: Invalid user admin from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4845]: Invalid user admin from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4852]: Invalid user test from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4850]: Invalid user guest from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4843]: Invalid user PlcmSpIp from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4872]: Invalid user majordomo from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4873]: Invalid user george from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:55 vps3 sshd[4851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com user=root
Apr 27 04:58:55 vps3 sshd[4841]: Invalid user adm from 54.205.49.5
Apr 27 04:58:55 vps3 sshd[4841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-54-205-49-5.compute-1.amazonaws.com
Apr 27 04:58:56 vps3 sshd[4842]: Failed password for invalid user admin from 54.205.49.5 port 38123 ssh2
Apr 27 04:58:56 vps3 sshd[4853]: Failed password for invalid user cisco from 54.205.49.5 port 38139 ssh2
Apr 27 04:58:56 vps3 sshd[4840]: Failed password for invalid user ubnt from 54.205.49.5 port 38122 ssh2
Apr 27 04:58:56 vps3 sshd[4846]: Failed password for invalid user D-Link from 54.205.49.5 port 38127 ssh2
Apr 27 04:58:56 vps3 sshd[4847]: Failed password for invalid user admin from 54.205.49.5 port 38128 ssh2
Apr 27 04:58:56 vps3 sshd[4848]: Failed password for invalid user admin from 54.205.49.5 port 38130 ssh2
Apr 27 04:58:56 vps3 sshd[4844]: Failed password for invalid user PlcmSpIp from 54.205.49.5 port 38125 ssh2
Apr 27 04:58:56 vps3 sshd[4838]: Failed password for invalid user support from 54.205.49.5 port 38121 ssh2
Apr 27 04:58:56 vps3 sshd[4849]: Failed password for invalid user draytek from 54.205.49.5 port 38132 ssh2
Apr 27 04:58:56 vps3 sshd[4856]: Failed password for invalid user helen from 54.205.49.5 port 38143 ssh2
Apr 27 04:58:56 vps3 sshd[4839]: Failed password for invalid user admin from 54.205.49.5 port 38120 ssh2
Apr 27 04:58:56 vps3 sshd[4845]: Failed password for invalid user admin from 54.205.49.5 port 38129 ssh2
Apr 27 04:58:56 vps3 sshd[4852]: Failed password for invalid user test from 54.205.49.5 port 38137 ssh2
Apr 27 04:58:56 vps3 sshd[4850]: Failed password for invalid user guest from 54.205.49.5 port 38134 ssh2
Apr 27 04:58:56 vps3 sshd[4853]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4846]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4842]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4843]: Failed password for invalid user PlcmSpIp from 54.205.49.5 port 38124 ssh2
Apr 27 04:58:56 vps3 sshd[4840]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4847]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4844]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4848]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4838]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4856]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4849]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4839]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4845]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4852]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4850]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4843]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4872]: Failed password for invalid user majordomo from 54.205.49.5 port 38155 ssh2
Apr 27 04:58:56 vps3 sshd[4872]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4873]: Failed password for invalid user george from 54.205.49.5 port 38156 ssh2
Apr 27 04:58:56 vps3 sshd[4851]: Failed password for root from 54.205.49.5 port 38136 ssh2
Apr 27 04:58:56 vps3 sshd[4873]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4841]: Failed password for invalid user adm from 54.205.49.5 port 38126 ssh2
Apr 27 04:58:56 vps3 sshd[4851]: Connection closed by 54.205.49.5 [preauth]
Apr 27 04:58:56 vps3 sshd[4841]: Connection closed by 54.205.49.5 [preauth]