I’m trying another approach to mapping the address spaces (IPv4 and IPv6 now). It’s more or less the same process as before, but different classification criteria, and different grouping criteria. Single IPs are the order of the day, rather than ranges, and it’s all about confirmed contacts from each IP. I don’t know what it will turn up, but it’s interesting to see the patterns forming so quickly.
You can check out the IP ranges observed so far if you’re curious.
Note that these lists are not exhaustive. If I’m unsure about an entry (if it’s a bot, real person, etc.), I don’t add it.
I just noticed that I’m so in the habit of locking down ssh to my jumphost that I did it on my listeners, so I don’t have any ssh brute-force data yet. Oops. Unfiltered now, so expect to see some ssh brute force tags in the ranges above in the next day or two.