Thanks everyone for your input! I already had root access disabled via sshd config. I will look into fail2ban as it sounds like it remedies the problem I'm having.
@Nick - I'm talking about attacks directed at the node, not going through it.
Thanks, Bryan
On Fri, Aug 2, 2013 at 2:04 PM, Marina Brown catskillmarina@gmail.com wrote:
On 08/02/2013 03:18 PM, Bryan Carey wrote:
Is there any kind of compiled list of IPs that relay operators can refer to that are known bad IPs (sources of brute force SSH attempts, etc.)? Is there a reason to NOT block (drop) traffic from these IPs?
Here are some that I have seen recently trying to brute force common user accounts and root password attempts: 198.50.197.98 220.161.148.178 223.4.217.47 199.187.125.250 175.99.95.252 62.64.83.38 125.209.110.234 37.235.53.172
To block these types of attempts I disable root access in /etc/ssh/sshd_conf and I run fail2ban with a very strict ruleset for sshd in /etc/fail2ban/jail.conf. Turn the bantime way up and put the retries low like 2-3.
Fail2ban adds abusive IP addresses to the iptables in Linux. You can save the rulesets if you like with a cron job.
--- Marina
Also, in general what are some good security practices to keep in mind while running a Tor relay?
Thanks, Bryan
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays