Thursday, Nov 18, 2010

Chinese Government Shows 'Interest'

It's no surprise that a lot of cyberattacks originate from the 'excellent' People's Republic of China. Some of these attacks are funded by, or even originate from, the Chinese government. Well, the latter is definitely true.

My (private) ssh server is a point of interest to the Chinese government, since they are trying to get in.

Every couple minutes a possible break-in entry is recorded in my logs. I guess that they decided not to hammer the front door, in order to evade automatic blacklisting of the originating IP.

reverse mapping checking getaddrinfo for mail.zdpri.gov.cn [218.108.28.189] failed - POSSIBLE BREAK-IN ATTEMPT!

I checked the IP and it seems to host the web-mail for the Zhejiang Prov. Development Planning & Research Institute [1].

I guess it's time to tighten the timers on blacklisting...

By the way, the reporting on the IP was provided by Splunk. Excellent tool for digging in logfiles and reporting.
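
The slow-probing pattern described above, as an added example that is not part of the original post: a sliding-window counter run over constructed sshd lines shows a short blacklist window missing a source that knocks every three minutes, while a longer window catches it. The thresholds, the host name `myhost`, the PID and the second source `203.0.113.7` are assumptions made up for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd logs this when the PTR name does not resolve back to the client address,
# so the host name in the message is unverified: count per IP, not per name.
PATTERN = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: reverse mapping checking "
    r"getaddrinfo for \S+ \[(?P<ip>[0-9a-fA-F.:]+)\] failed - POSSIBLE BREAK-IN ATTEMPT!"
)
LINE = ("{:%b %d %H:%M:%S} myhost sshd[4242]: reverse mapping checking getaddrinfo "
        "for {} [{}] failed - POSSIBLE BREAK-IN ATTEMPT!")

def sample_log():
    """Constructed sample: a slow source (IP from the post) and a noisy one."""
    base = datetime(2010, 11, 18, 9, 0, 0)
    slow = [LINE.format(base + timedelta(minutes=3 * i), "mail.zdpri.gov.cn",
                        "218.108.28.189") for i in range(12)]
    noisy = [LINE.format(base + timedelta(seconds=5 * i), "host.example.net",
                         "203.0.113.7") for i in range(8)]
    return slow + noisy

def parse(lines, year=2010):
    """Yield (timestamp, ip) per matching line; syslog timestamps omit the year."""
    for line in lines:
        m = PATTERN.match(line)
        if m:
            yield datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["ip"]

def flagged(events, max_hits, window):
    """Return IPs with more than max_hits events inside any sliding window."""
    recent, banned = defaultdict(deque), set()
    for ts, ip in sorted(events):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop events that fell out of the window
            q.popleft()
        if len(q) > max_hits:
            banned.add(ip)
    return banned

if __name__ == "__main__":
    events = list(parse(sample_log()))
    # Assumed policy: blacklist after more than 5 hits in the window.
    print("10-minute window:", sorted(flagged(events, 5, timedelta(minutes=10))))
    print("60-minute window:", sorted(flagged(events, 5, timedelta(hours=1))))
```

With three minutes between attempts, at most four events ever fall inside a ten-minute window, so only lengthening the window (or lowering the hit count) brings the slow source over the threshold.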
