Home > IT, Security > SSH Brute Force Attempts — GeoLocation

SSH Brute Force Attempts — GeoLocation

August 4th, 2009 Leave a comment Go to comments

A couple of weeks ago, I posted regarding the logs of some SSH bruce force attempts I had logged on my server, and was looking through. One of the comments was asking for geolocation of the IP Addresses. Tonight I decided to make use of the service available at ip2location.com and geolocate each of the IPs that I had. I'm actually fairly impressed with the service, you can do 20 lookups per IP per day unregistered and if you register you can do 200 lookups per IP per day. I registered and then pasted my entire list into a textbox they provide and it looked them all up at once and provided the results.

Here are the screenshots. It was a small set of IPs, but the top three countries were China, USA, Poland.

Categories: IT, Security Tags: , ,
  1. Christian
    August 4th, 2009 at 22:33 | #1
    Reply | Quote

    If you want to get around the 20 IP lookups a day you can download a database (flat file) from here http://software77.net/geo-ip/

    It's just a matter of hacking up some perl to query the database and voila. I can't recall if they have perl snippets on their site, but if you want some of the code I can shoot you some of my stuff.

    Cheers,

    Christian

  2. Christian
    August 4th, 2009 at 22:34 | #2
    Reply | Quote

    Bump (because i want to subscribe to this too and forgot to click it! – sorry)

  1. No trackbacks yet.