RIPE DB FAIL2BAN

May 19, 2017 417 views
Firewall Ubuntu 16.04

Is there anything to know about this fail2ban notification? I ask because all my other notifications don't have this RIPE DB query notification, so i'm wondering if this is something the hacker tried to access?

Hi,

The IP 91.197.232.11 has just been banned by Fail2Ban after
2 attempts against sshd.


Here is more information about 91.197.232.11 :

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '91.197.232.0 - 91.197.235.255'

% Abuse contact for '91.197.232.0 - 91.197.235.255' is 'noc@planet-telecom.eu'

inetnum:        91.197.232.0 - 91.197.235.255
netname:        PLANET-TELECOM-NET
country:        CZ
org:            ORG-PTL7-RIPE
admin-c:        PTN21-RIPE
tech-c:         PTN21-RIPE
status:         ASSIGNED PI
mnt-by:         RIPE-NCC-END-MNT
mnt-by:         MNT-PLANET-TELECOM
mnt-routes:     MNT-PLANET-TELECOM
mnt-domains:    MNT-PLANET-TELECOM
mnt-routes:     MNT-3W-INFRA
created:        2007-09-18T09:04:58Z
last-modified:  2016-06-03T13:03:33Z
source:         RIPE
sponsoring-org: ORG-NA225-RIPE

organisation:   ORG-PTL7-RIPE
org-name:       Planet Telecom Ltd.
org-type:       OTHER
address:        Sokolovska 395, 186 00 Praha 8, Prague, Czech Republic
abuse-c:        PTN21-RIPE
mnt-ref:        MNT-PLANET-TELECOM
mnt-by:         MNT-PLANET-TELECOM
created:        2007-09-15T14:57:20Z
last-modified:  2016-03-23T09:42:12Z
source:         RIPE # Filtered

role:           Planet Telecom NOC
address:        Sokolovska 395
address:        186 00 Praha 8
abuse-mailbox:  noc@planet-telecom.eu
address:        Prague
address:        Czech Republic
phone:          +420234262111
nic-hdl:        PTN21-RIPE
mnt-by:         MNT-PLANET-TELECOM
created:        2016-03-15T20:48:44Z
last-modified:  2016-03-23T09:42:33Z
source:         RIPE # Filtered

% Information related to '91.197.232.0/24AS43715'

route:          91.197.232.0/24
origin:         AS43715
mnt-by:         MNT-PLANET-TELECOM
created:        2016-03-23T09:37:31Z
last-modified:  2016-03-23T09:37:31Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.88.1 (HEREFORD)


Lines containing IP:91.197.232.11 in /var/log/auth.log

May 18 22:55:29 droplet-1 sshd[6022]: Invalid user 0 from 91.197.232.11
May 18 22:55:29 droplet-1 sshd[6022]: Connection closed by 91.197.232.11 port 53193 [preauth]
May 18 22:55:31 droplet-1 sshd[6024]: Invalid user 0000 from 91.197.232.11
May 18 22:55:31 droplet-1 sshd[6024]: Connection closed by 91.197.232.11 port 36185 [preauth]


Regards,

Fail2Ban
1 Answer
Woet May 19, 2017
Accepted Answer

It's just information about the IP address. These notifications are pointless.

Have another answer? Share your knowledge.