[Fail2Ban] ssh: banned 125.132.45.34

Hi,

The IP 125.132.45.34 has just been banned by Fail2Ban after
6 attempts against ssh.

Here is more information about 125.132.45.34:

query : 125.132.45.34

# KOREAN(UTF8)

조회하신 IPv4주소는 한국인터넷진흥원으로부터 아래의 관리대행자에게 할당되었으며, 할당 정보는 다음과 같습니다.

[ 네트워크 할당 정보 ]
IPv4주소 : 125.128.0.0 – 125.159.255.255 (/11)
서비스명 : KORNET
기관명 : 주식회사 케이티
기관고유번호 : ORG1600
주소 : 경기도 성남시 분당구 불정로 90 (정자동) 한국통신 e-Biz본부 기획팀
우편번호 : 463-711
할당일자 : 20050822

[ IPv4주소 책임자 정보 ]
이름 : IP주소관리자
전화번호 : +82-2-500-6630
전자우편 : kornet_ip@kt.com

[ IPv4주소 담당자 정보 ]
이름 : IP주소담당자
전화번호 : +82-2-500-6630
전자우편 : kornet_ip@kt.com

[ 스팸 해킹 담당자 정보 ]
이름 : 스팸/해킹담당
전화번호 : +82-2-100-0000
전자우편 : abuse@kornet.net

——————————————————————————–

조회하신 IPv4주소에 대한 위 관리대행자의 사용자 할당정보가 존재하지 않습니다.

# ENGLISH

KRNIC is not an ISP but a National Internet Registry similar to APNIC.

[ Network Information ]
IPv4 Address : 125.128.0.0 – 125.159.255.255 (/11)
Service Name : KORNET
Organization Name : Korea Telecom
Organization ID : ORG1600
Address : 206, Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro
Zip Code : 463-711
Registration Date : 20050822

[ Admin Contact Information ]
Name : IP Administrator
Phone : +82-2-500-6630
E-Mail : kornet_ip@kt.com

[ Tech Contact Information ]
Name : IP Manager
Phone : +82-2-500-6630
E-Mail : kornet_ip@kt.com

[ Network Abuse Contact Information ]
Name : Network Abuse
Phone : +82-2-100-0000
E-Mail : abuse@kornet.net

– KISA/KRNIC Whois Service –

Lines containing IP:125.132.45.34 in /var/log/auth.log

Apr 26 02:28:00 vps3 sshd[13075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.132.45.34 user=root
Apr 26 02:28:03 vps3 sshd[13075]: Failed password for root from 125.132.45.34 port 46711 ssh2
Apr 26 02:28:03 vps3 sshd[13075]: Received disconnect from 125.132.45.34: 11: Bye Bye [preauth]
Apr 26 02:28:05 vps3 sshd[13082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.132.45.34 user=root
Apr 26 02:28:08 vps3 sshd[13082]: Failed password for root from 125.132.45.34 port 47130 ssh2
Apr 26 02:28:08 vps3 sshd[13082]: Received disconnect from 125.132.45.34: 11: Bye Bye [preauth]
Apr 26 02:28:10 vps3 sshd[13084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.132.45.34 user=root
Apr 26 02:28:12 vps3 sshd[13084]: Failed password for root from 125.132.45.34 port 47512 ssh2
Apr 26 02:28:12 vps3 sshd[13084]: Received disconnect from 125.132.45.34: 11: Bye Bye [preauth]
Apr 26 02:28:14 vps3 sshd[13086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.132.45.34 user=root
Apr 26 02:28:16 vps3 sshd[13086]: Failed password for root from 125.132.45.34 port 47925 ssh2
Apr 26 02:28:16 vps3 sshd[13086]: Received disconnect from 125.132.45.34: 11: Bye Bye [preauth]
Apr 26 02:28:18 vps3 sshd[13088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.132.45.34 user=root
Apr 26 02:28:21 vps3 sshd[13088]: Failed password for root from 125.132.45.34 port 48307 ssh2
Apr 26 02:28:21 vps3 sshd[13088]: Received disconnect from 125.132.45.34: 11: Bye Bye [preauth]
Apr 26 02:28:23 vps3 sshd[13090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.132.45.34 user=root
Apr 26 02:28:26 vps3 sshd[13090]: Failed password for root from 125.132.45.34 port 48676 ssh2
Apr 26 02:28:26 vps3 sshd[13090]: Received disconnect from 125.132.45.34: 11: Bye Bye [preauth]