[Fail2Ban] ssh: banned 191.234.33.0

Hi,

The IP 191.234.33.0 has just been banned by Fail2Ban after
6 attempts against ssh.

Here are more information about 191.234.33.0:

% Joint Whois – whois.lacnic.net
% This server accepts single ASN, IPv4 or IPv6 queries

% Brazilian resource: whois.registro.br

% Copyright (c) Nic.br
% The use of the data below is only permitted as described in
% full by the terms of use at http://registro.br/termo/en.html ,
% being prohibited its distribution, comercialization or
% reproduction, in particular, to use it for advertising or
% any similar purpose.
% 2014-04-30 04:40:01 (BRT -03:00)

inetnum: 191.232/14
aut-num: AS8075
abuse-c: BEORN2
owner: Microsoft Informatica Ltda
ownerid: 060.316.817/0001-03
responsible: Benjamin Orndorff
country: BR
owner-c: BEORN2
tech-c: BEORN2
inetrev: 191.234.32/19
nserver: ns1.msft.net
nsstat: 20140427 AA
nslastaa: 20140427
nserver: ns2.msft.net
nsstat: 20140427 AA
nslastaa: 20140427
nserver: ns3.msft.net
nsstat: 20140427 AA
nslastaa: 20140427
nserver: ns4.msft.net
nsstat: 20140427 AA
nslastaa: 20140427
nserver: ns5.msft.net
nsstat: 20140427 AA
nslastaa: 20140427
created: 20130911
changed: 20130911

nic-hdl-br: BEORN2
person: Benjamin Orndorff
e-mail: domains@microsoft.com
created: 20110810
changed: 20131212

% Security and mail abuse issues should also be addressed to
% cert.br, http://www.cert.br/, respectivelly to cert@cert.br
% and mail-abuse@cert.br
%
% whois.registro.br accepts only direct match queries. Types
% of queries are: domain (.br), registrant (tax ID), ticket,
% provider, contact handle (ID), CIDR block, IP and ASN.

Lines containing IP:191.234.33.0 in /var/log/auth.log

Apr 30 03:39:25 vps3 sshd[32270]: Did not receive identification string from 191.234.33.0
Apr 30 03:39:31 vps3 sshd[32272]: Invalid user admin from 191.234.33.0
Apr 30 03:39:31 vps3 sshd[32272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.234.33.0
Apr 30 03:39:33 vps3 sshd[32272]: Failed password for invalid user admin from 191.234.33.0 port 1041 ssh2
Apr 30 03:39:33 vps3 sshd[32272]: Received disconnect from 191.234.33.0: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Apr 30 03:39:44 vps3 sshd[32274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.234.33.0 user=root
Apr 30 03:39:45 vps3 sshd[32274]: Failed password for root from 191.234.33.0 port 1040 ssh2
Apr 30 03:39:45 vps3 sshd[32274]: Received disconnect from 191.234.33.0: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Apr 30 03:39:49 vps3 sshd[32276]: Invalid user guest from 191.234.33.0
Apr 30 03:39:49 vps3 sshd[32276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.234.33.0
Apr 30 03:39:51 vps3 sshd[32276]: Failed password for invalid user guest from 191.234.33.0 port 1042 ssh2
Apr 30 03:39:51 vps3 sshd[32276]: Received disconnect from 191.234.33.0: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Apr 30 03:39:58 vps3 sshd[32278]: Invalid user ubnt from 191.234.33.0
Apr 30 03:39:58 vps3 sshd[32278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.234.33.0
Apr 30 03:40:00 vps3 sshd[32278]: Failed password for invalid user ubnt from 191.234.33.0 port 1043 ssh2
Apr 30 03:40:00 vps3 sshd[32278]: Received disconnect from 191.234.33.0: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]