[ale] [OT] Chinese brute-force network?
- Subject: [ale] [OT] Chinese brute-force network?
- From: agcarver+ale at acarver.net (Alex Carver)
- Date: Thu, 29 May 2014 13:59:30 -0700
- In-reply-to: <CAPfJb3qQwPuzen5MXP6hDWBy0bdm9uctt3X+6=e1vDmjn7SKeQ@mail.gmail.com>
- References: <20140529160317.33569016@dustin-dell> <CAEo=5PyeiEDgq+8Y6CwLXtveexYBtKK1jePc2ECk+0_KnJo-yw@mail.gmail.com> <CAPfJb3q9ymtarc8iskTug2Wh=Ug=A01P4d6j-98b7EPELc3BDA@mail.gmail.com> <CAPfJb3qQwPuzen5MXP6hDWBy0bdm9uctt3X+6=e1vDmjn7SKeQ@mail.gmail.com>
On 2014-05-29 13:48, Chuck Payne wrote:
> If it helps, here are the ones attacking lately
>
>
> Attempts
> 116.10.191   40
> 61.174.51    34
> 119.188.7    9
>
I block whole swaths of netblocks anytime someone does a probe or attack
like this. My iptables drop list currently has over 250 lines of CIDR
entries with most being a minimum netblock size of /15. I can send you
the list if you want it to drop on your system.
I don't have 116.10 but I do have a couple 116 entries already loaded.
Two of them are China (116.76.0.0/15 and 116.255.128.0/17) and one in
Pakistan (116.71.0.0/16). They make it to the list if they've been
probing steadily for a couple days.
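
The coverage check described in this message, as an added example that is not part of the original post or the poster's actual list: it tests the quoted prefixes against the three CIDR entries named above and prints iptables DROP rules for whatever is not yet covered. Reading a three-octet prefix as a /24 and the `-I INPUT` rule form are assumptions.

```python
import ipaddress

# CIDR entries named in the message (a small part of the poster's drop list).
DROP_LIST = ["116.76.0.0/15", "116.255.128.0/17", "116.71.0.0/16"]

# Prefixes and attempt counts from the quoted report.
REPORTED = {"116.10.191": 40, "61.174.51": 34, "119.188.7": 9}


def to_network(prefix):
    """Turn a partial dotted prefix such as '116.10.191' into a network.

    Assumption: each octet given contributes 8 bits, so three octets is a /24.
    """
    octets = prefix.split(".")
    if not 1 <= len(octets) <= 4:
        raise ValueError("not a dotted IPv4 prefix: %r" % prefix)
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network("%s/%d" % (".".join(padded), 8 * len(octets)))


def uncovered(reported, drop_list):
    """Return reported networks that no existing drop-list entry contains."""
    blocked = [ipaddress.ip_network(cidr) for cidr in drop_list]
    missing = []
    for prefix in reported:
        net = to_network(prefix)
        if not any(net.subnet_of(entry) for entry in blocked):
            missing.append(net)
    return missing


def drop_rules(networks):
    """Merge adjacent or overlapping networks, then emit one rule per block."""
    merged = ipaddress.collapse_addresses(networks)
    return ["iptables -I INPUT -s %s -j DROP" % net for net in merged]


if __name__ == "__main__":
    for rule in drop_rules(uncovered(REPORTED, DROP_LIST)):
        print(rule)
```
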