On 08/02/2013 03:18 PM, Bryan Carey wrote:
> Is there any kind of compiled list of IPs that relay operators can refer to that are known bad IPs (sources of brute force SSH attempts, etc.)? Is there a reason to NOT block (drop) traffic from these IPs?
> Here are some that I have seen recently trying to brute force common user accounts and root password attempts: 198.50.197.98 220.161.148.178 223.4.217.47 199.187.125.250 175.99.95.252 62.64.83.38 125.209.110.234 37.235.53.172
To block these types of attempts I disable root access in /etc/ssh/sshd_conf and I run fail2ban with a very strict ruleset for sshd in /etc/fail2ban/jail.conf. Turn the bantime way up and put the retries low, like 2-3.
Fail2ban adds abusive IP addresses to iptables in Linux. You can save the rulesets if you like with a cron job.
--- Marina
> Also, in general what are some good security practices to keep in mind while running a Tor relay?
> Thanks, Bryan
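The low-retry policy described in the reply above, as an added example that is not part of the original thread and is not fail2ban's own code: it approximates how a retry threshold inside a time window decides which source IPs get banned. The log lines are constructed (documentation-range IPs), and the `findtime` window of 600 seconds is an assumed value, since the message only mentions retries and bantime.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation-range IPs, not real hosts).
SAMPLE_LOG = """\
Aug  2 15:01:02 relay sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Aug  2 15:01:05 relay sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Aug  2 15:01:09 relay sshd[815]: Failed password for root from 203.0.113.7 port 40141 ssh2
Aug  2 15:02:00 relay sshd[820]: Failed password for bryan from 198.51.100.20 port 51000 ssh2
Aug  2 15:02:30 relay sshd[820]: Accepted publickey for bryan from 198.51.100.20 port 51000 ssh2
Aug  2 15:03:00 relay sshd[830]: Failed password for root from 192.0.2.44 port 33001 ssh2
Aug  2 15:30:00 relay sshd[840]: Failed password for root from 192.0.2.44 port 33090 ssh2
"""

# Matches failed password attempts for both existing and invalid users.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+) "
)

def ips_to_ban(log_text, maxretry=3, findtime=600, year=2013):
    """Return {ip: ban time} for IPs reaching maxretry failures within findtime seconds.

    Syslog timestamps carry no year, so one is assumed via the `year` argument.
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m["ip"] in banned:
            continue              # successful logins and already-banned IPs are skipped
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that have aged out of the window
            q.popleft()
        if len(q) >= maxretry:
            banned[m["ip"]] = ts
    return banned

if __name__ == "__main__":
    for ip, when in ips_to_ban(SAMPLE_LOG, maxretry=3).items():
        print(f"{when:%H:%M:%S} ban {ip}")
```

With the sample input, the slow source at 192.0.2.44 stays under the threshold unless the window is widened, which is the trade-off to weigh when tuning a strict jail.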