Chinese Government Shows 'Interest'

It's no surprise that a lot of cyberattacks originate from the the 'excellent' People's Republic of China. Some of these attacks are funded by or even originating from the Chinese government. Well, the latter is definitely true.

My (private) ssh server is a point of interest to the Chinese government, since they are trying to get in.

Every couple minutes a possible break-in entry is recorded in my logs. I guess that they decided not to hammer the front door, in order to evade automatic blacklisting of the originating IP.

reverse mapping checking getaddrinfo for mail.zdpri.gov.cn [218.108.28.189] failed - POSSIBLE BREAK-IN ATTEMPT!

I checked the IP and it seems to host the web-mail for the Zhejang prov. Development Planning & Research Institute [1].

I guess it's time to tighten the timers on blacklisting.....

B.t.w. The reporting on the IP was provided by Splunk. Excellent tool for digging in logfiles and reporting.

Posted on November 18, 2010 and filed under Annoying, Security.