Two previous rounds of analysis using IP geolocation with Whois (Part 1 and Part 2) revealed that 40% to 45% of network intrusion attempts arriving at my public-facing SSH port could be traced back to Chinese hackers, and 20% to 25% to attackers in Russia and Eastern Europe. The tally is now in from a third round of observations, boasting a significantly longer integration period (more than four months versus about six to seven weeks in the earlier rounds) and yielding plenty of interesting and even unexpected results. Continue reading →

Late breaking articles from the New York Times and Wall Street Journal this evening caught my eye, wherein one seriously pissed off Google Inc opens up a surprisingly hard line against Beijing: Continue reading →

Time to tally up the new results since my last report on network intruder geolocation using Whois. Will the trend showing two-thirds of attackers as hailing from China, Russia and the former Soviet bloc hold for this new integration period? Place your bets. Continue reading →

Let’s have a look at who’s been trying to break into SSH service on my development server recently, and where in the world they’re attacking from. Since I implemented fail2ban to trap out these attempted dictionary attacks, it’s logged the network addresses of all the culprits. Here’s who got caught in recent activity: Continue reading →