What can be done about SSH brute force from 218.92.0.191

5 points by mianos ↗ HN
Over the last few months I have seen tens of thousands of ssh password attempts from this ip: 218.92.0.191.

That block lists anti-spam@ns.chinanet.cn.net as an anti spam address, to which I have sent reports, but the attempts continue. If I change my IP after a few days I get them again.

It is not a big deal for me, as it just goes to a tarpit and not a real ssh server, but it seems a massive waste of resources and maybe it will get some successful ssh accounts to launch more nefarious activities.

1 comment

[ 1.7 ms ] story [ 14.4 ms ] thread
Just IPTables drop the whole range, if not the whole ASN. Same as any other attacking range, if its administered by an unresponsive entity, then you have zero obligation to route their packets.