<div dir="ltr">Thanks everyone for your input! I already had root access disabled via sshd config. I will look into fail2ban as it sounds like it remedies the problem I'm having.<div><br></div><div>@Nick - I'm talking about attacks directed at the node, not going through it.</div>
<div><br></div><div>Thanks,</div><div>Bryan</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Aug 2, 2013 at 2:04 PM, Marina Brown <span dir="ltr">&lt;<a href="mailto:catskillmarina@gmail.com" target="_blank">catskillmarina@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im"><br>
On 08/02/2013 03:18 PM, Bryan Carey wrote:<br>
> Is there any kind of compiled list of IPs that relay operators can<br>
> refer to that are known bad IPs (sources of brute force SSH<br>
> attempts, etc.)? Is there a reason to NOT block (drop) traffic from<br>
> these IPs?<br>
><br>
> Here are some that I have seen recently trying to brute force<br>
> common user accounts and root password attempts: 198.50.197.98<br>
> 220.161.148.178 223.4.217.47 199.187.125.250 175.99.95.252<br>
> 62.64.83.38 125.209.110.234 37.235.53.172<br>
><br>
<br>
</div>To block these types of attempts I disable root access in<br>
/etc/ssh/sshd_conf and I run fail2ban with a very strict ruleset for<br>
sshd in /etc/fail2ban/jail.conf. Turn the bantime way up and put the<br>
retries low, like 2-3.<br>
<br>
Fail2ban adds abusive IP addresses to the iptables in Linux. You can<br>
save the rulesets if you like with a cron job.<br>
<br>
--- Marina<br>
<div class="im"><br>
<br>
> Also, in general what are some good security practices to keep in<br>
> mind while running a Tor relay?<br>
><br>
> Thanks, Bryan<br>
><br>
><br>
</div><div class="im">> _______________________________________________ tor-relays mailing<br>
> list <a href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.org</a><br>
> <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a><br>
<br>
</div>
<div class="HOEnZb"><div class="h5">
</div></div></blockquote></div><br></div>