I created a simple tool to perform just a location lookup in the local database. The program reads and writes an NDJSON stream and therefore can be combined with other tools working on JSON streams like jq.
You can find the source code here:
I just started uploading some logs to GitHub:
I will continue until GitHub stops it in order to be able to do some statistical investigations.
My first impression is that several attackers are not marked as hostile in the IPFire database although they are aggressively trying to hack my root password. What is the requirement to get ranked as a hostile system?
That list is basically netblocks that are leased or stolen by professional spam or cyber-crime operations and are considered to be the worst of the worst of IP traffic.
Which root password are they trying to hack? Your IPFire root password should only be accessible via the physical console unless you have set up ssh access via the password and opened up access to the ssh terminal from the internet, which is something not recommended to be done.
If you need to do admin work on your IPFire console from the internet side it is best done using ssh with a key and accessing it from the green network via OpenVPN or IPSec.
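
A filter of the kind the first post describes, as an added example that is not the poster's tool or IPFire code: it reads NDJSON on stdin, looks up each record's source address by longest-prefix match, and writes the enriched record back out as NDJSON. The netblock table, the `src_ip` and `location` field names, and the `hostile` flag layout are constructed assumptions standing in for the local database.

```python
import ipaddress
import json
import sys

# Constructed sample table standing in for the local location database
# (documentation address ranges; country codes and flags are made up).
SAMPLE_DB = [
    ("192.0.2.0/24", "DE", False),
    ("198.51.100.0/24", "US", False),
    ("198.51.100.128/25", "US", True),   # more specific block flagged hostile
    ("2001:db8::/32", "NL", False),
]
NETWORKS = [(ipaddress.ip_network(n), cc, h) for n, cc, h in SAMPLE_DB]

def lookup(address):
    """Return the most specific netblock containing address, or None."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return None  # not an IP address at all
    best = None
    for net, country, hostile in NETWORKS:
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, country, hostile)
    if best is None:
        return None
    return {"network": str(best[0]), "country": best[1], "hostile": best[2]}

def enrich(line, field="src_ip"):
    """Add a 'location' object to one NDJSON record; None for invalid JSON."""
    try:
        record = json.loads(line)
    except json.JSONDecodeError:
        return None  # dropped so downstream JSON tools never see a bad line
    if isinstance(record, dict) and field in record:
        record["location"] = lookup(str(record[field]))
    return json.dumps(record, separators=(",", ":"))

def main(stream_in=sys.stdin, stream_out=sys.stdout):
    for line in stream_in:
        out = enrich(line) if line.strip() else None
        if out is not None:
            stream_out.write(out + "\n")

if __name__ == "__main__":
    main()
```

Because the output stays one JSON object per line, it can be piped into jq, for example with a `select(.location.hostile)` filter.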