SSH Brute Force Attempts — GeoLocation
A couple of weeks ago, I posted regarding the logs of some SSH brute force attempts that I had logged on my server and was looking through. One of the comments was asking for geolocation of the IP addresses. Tonight I decided to make use of the service available at ip2location.com and geolocate each of the IPs that I had. I'm actually fairly impressed with the service; you can do 20 lookups per IP per day unregistered, and if you register you can do 200 lookups per IP per day. I registered and then pasted my entire list into a textbox they provide, and it looked them all up at once and provided the results.
Here are the screenshots. It was a small set of IPs, but the top three countries were China, USA, Poland.

If you want to get around the 20 IP lookups a day, you can download a database (flat file) from here: http://software77.net/geo-ip/
It's just a matter of hacking up some Perl to query the database and voila. I can't recall if they have Perl snippets on their site, but if you want some of the code I can shoot you some of my stuff.
Cheers,
Christian
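The offline lookup suggested in the comment above, as an added example that is not the commenter's code and is written in Python rather than Perl: it pulls source IPs from failed sshd logins and resolves each against a range table with a binary search. The column layout (integer range start, integer range end, registry, assigned, two country codes, country name) is an assumption about the flat file, and the database rows and log lines are constructed samples.

```python
import bisect
import csv
import ipaddress
import re
from collections import Counter

# Constructed rows in the ASSUMED layout:
# "start","end","registry","assigned","cc2","cc3","country"
SAMPLE_DB = '''\
# comment lines start with a hash
"3221225984","3221226239","exampleNIC","0","AA","AAA","Country A"
"3325256704","3325256959","exampleNIC","0","BB","BBB","Country B"
"3405803776","3405804031","exampleNIC","0","CC","CCC","Country C"
'''

# Constructed sshd log lines (documentation and private addresses only).
SAMPLE_LOG = '''\
Jan 10 03:12:01 host sshd[1001]: Failed password for root from 192.0.2.10 port 4242 ssh2
Jan 10 03:12:05 host sshd[1001]: Failed password for invalid user admin from 192.0.2.10 port 4243 ssh2
Jan 10 03:13:40 host sshd[1002]: Failed password for root from 198.51.100.7 port 5151 ssh2
Jan 10 03:14:02 host sshd[1003]: Accepted password for chris from 203.0.113.5 port 6000 ssh2
Jan 10 03:15:10 host sshd[1004]: Failed password for root from 10.1.2.3 port 7000 ssh2
'''

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
                    r"from (\d{1,3}(?:\.\d{1,3}){3}) port")

def load_ranges(db_text):
    """Parse the flat file into a sorted list of (start, end, country)."""
    lines = (l for l in db_text.splitlines() if l.strip() and not l.startswith("#"))
    return sorted((int(r[0]), int(r[1]), r[6]) for r in csv.reader(lines))

def country_of(ip, ranges, starts):
    """Binary-search the range whose start is <= ip, then check its end."""
    try:
        n = int(ipaddress.IPv4Address(ip))
    except ipaddress.AddressValueError:
        return "invalid"
    i = bisect.bisect_right(starts, n) - 1
    if i >= 0 and ranges[i][0] <= n <= ranges[i][1]:
        return ranges[i][2]
    return "unknown"  # address falls in a gap or outside the table

def tally(log_text, db_text):
    """Count unique attacking source IPs per country."""
    ranges = load_ranges(db_text)
    starts = [r[0] for r in ranges]
    sources = {m.group(1) for m in FAILED.finditer(log_text)}
    return Counter(country_of(ip, ranges, starts) for ip in sources)

if __name__ == "__main__":
    for country, count in tally(SAMPLE_LOG, SAMPLE_DB).most_common():
        print(f"{count:4d}  {country}")
```

Counting unique source IPs rather than attempts matches what the post did; swap the set for a list in `tally` to weight by attempt volume instead.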
Bump (because I want to subscribe to this too and forgot to click it! – sorry)