fail2ban has been detecting large ranges of the C networks 18.104.22.168/24 and 22.214.171.124/24 trying to brute force our ssh logins.
This has been going on for weeks or even months (our fail2ban logs do not go back further than a month) even though fail2ban would temporarily block single IP addresses.
In fact there is anecdotic evidence that this has been going on for years and on a internet wide scale.
We have notified the ChinaNet contacts available via whois, but have not heard back from them.
So now those two networks have been completely blocked on an IP level.