When I checked the fail2ban log on one of my servers today, I found that fail2ban had banned IP address 221.229.172.35 for failed attempts to log into the system via Secure Shell (SSH).

# tail -n 10 /var/log/fail2ban.log
2016-08-09 10:12:56,296 fail2ban.filter [1590]: INFO [sshd] Found 221.229.172.35
2016-08-09 10:12:57,914 fail2ban.filter [1590]: INFO [sshd] Found 221.229.172.35
2016-08-09 10:12:58,663 fail2ban.filter [1590]: INFO [sshd] Found 221.229.172.35
2016-08-09 10:12:59,143 fail2ban.filter [1590]: INFO [sshd] Found 221.229.172.35
2016-08-09 10:12:59,870 fail2ban.actions [1590]: NOTICE [sshd] Ban 221.229.172.35
2016-08-09 10:13:00,591 fail2ban.filter [1590]: INFO [sshd] Found 221.229.172.35
2016-08-09 10:13:01,298 fail2ban.filter [1590]: INFO [sshd] Found 221.229.172.35
2016-08-09 10:13:01,522 fail2ban.filter [1590]: INFO [sshd] Found 221.229.172.35
2016-08-09 10:13:03,538 fail2ban.filter [1590]: INFO [sshd] Found 221.229.172.35
2016-08-09 10:13:04,075 fail2ban.filter [1590]: INFO [sshd] Found 221.229.172.35
#

When I checked the country where that IP address is assigned using the geoiplookup tool, I found it is assigned to an entity in China. The tool is in GeoIP, a geolocation package, which can be installed on Red Hat derived distributions of Linux, such as CentOS, with yum install geoip. The free version of the software which I use is provided by MaxMind.

$ geoiplookup 221.229.172.35
GeoIP Country Edition: CN, China
$
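
As an added example (not part of the original post), this script summarizes a fail2ban log per jail and address: how many Found entries precede the first Ban, how many are logged after it, and how many bans occurred. The function names are hypothetical, the field positions assume the log layout shown above, and the sample input is the log excerpt from this post.

```shell
#!/bin/sh
# Added example: summarize fail2ban.log per jail and address.
# Function names are hypothetical; pass log files as arguments or pipe on stdin.

f2b_summary() {
    awk '
    # Expected fields: DATE TIME LOGGER [PID]: LEVEL [jail] Found|Ban IP
    $7 == "Found" || $7 == "Ban" {
        key = $6 " " $8
        if (!(key in seen)) { seen[key] = 1; order[++n] = key }
        if ($7 == "Ban") { bans[key]++; next }
        # Split matches into those before and after the first ban.
        if (bans[key] > 0) after[key]++; else before[key]++
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            printf "%s found_before_ban=%d found_after_ban=%d bans=%d\n",
                   k, before[k], after[k], bans[k]
        }
    }' "$@"
}

# Country of every banned address; needs the geoiplookup tool.
f2b_banned_countries() {
    command -v geoiplookup >/dev/null 2>&1 || return 1
    awk '$7 == "Ban" { print $8 }' "$@" | sort -u | while read -r ip; do
        printf '%s: %s\n' "$ip" "$(geoiplookup "$ip")"
    done
}

# Sample input: the log excerpt shown in this post.
sample_log() {
    cat <<'EOF'
2016-08-09 10:12:56,296 fail2ban.filter [1590]: INFO [sshd] Found 221.229.172.35
2016-08-09 10:12:57,914 fail2ban.filter [1590]: INFO [sshd] Found 221.229.172.35
2016-08-09 10:12:58,663 fail2ban.filter [1590]: INFO [sshd] Found 221.229.172.35
2016-08-09 10:12:59,143 fail2ban.filter [1590]: INFO [sshd] Found 221.229.172.35
2016-08-09 10:12:59,870 fail2ban.actions [1590]: NOTICE [sshd] Ban 221.229.172.35
2016-08-09 10:13:00,591 fail2ban.filter [1590]: INFO [sshd] Found 221.229.172.35
2016-08-09 10:13:01,298 fail2ban.filter [1590]: INFO [sshd] Found 221.229.172.35
2016-08-09 10:13:01,522 fail2ban.filter [1590]: INFO [sshd] Found 221.229.172.35
2016-08-09 10:13:03,538 fail2ban.filter [1590]: INFO [sshd] Found 221.229.172.35
2016-08-09 10:13:04,075 fail2ban.filter [1590]: INFO [sshd] Found 221.229.172.35
EOF
}

sample_log | f2b_summary
# -> [sshd] 221.229.172.35 found_before_ban=4 found_after_ban=5 bans=1
```

On a live system, call f2b_summary /var/log/fail2ban.log, and f2b_banned_countries with the same argument to run geoiplookup on each banned address.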