Zack Weinberg:
On Mon, Dec 4, 2017 at 1:00 PM, s7r <s7r@sky-ip.org> wrote:
Zack Weinberg wrote:
With my exit node operator hat on, I too would like to see some sort of port-scanning prevention built into the network. In my case, I had to turn off exiting to the SSH port because we were getting daily complaints about abusive scanning for devices with weak admin passwords. Which is a shame, since there are plenty of legitimate uses for SSH-over-Tor.
...
I don't think this is the way to go, under any circumstances. Better to learn to tell the difference between junk notifications and serious reports that require action or reply.
For the record, those daily complaints about abusive SSH scanning were serious reports requiring a reply. And they were not all from the same source.
I realize this issue of SSH brute forcing via exit nodes is old news, but what is remarkable to me is that:
1. anyone cares about SSH brute force attacks if they are using keys and passwords for SSH authentication
2. who in the world has the time to investigate SSH brute force attacks, and if they do, maybe they had enough time to notice that it was from a Tor exit IP?
/rant
g