
Dear list members,

My iptables dump, as promised (v4). Updated every hour and available as long as my relay is alive ;-)

I run a pretty tight ship, just one ssh user and harsh fail2ban settings. All these listed IPs are considered to be "the usual suspects".

Please feel free to use it, should give you a jump start. It is getting pretty quiet now since I passed the 300+ IPs milestone.

Download: https://www.urbach.org/~sebastian/rules.v4

--
Mit freundlichen Grüssen / Sincerely yours

Sebastian Urbach

-----------------------------------------
Definition of TOR: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name!
-----------------------------------------
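An added example, not part of the original post: one way to reuse a published dump like this without loading someone else's whole ruleset is to pull out only the blocked source addresses and refuse entries that are too broad or that cover addresses you must keep reachable. The sample dump, the chain name `fail2ban-ssh` and all addresses are constructed; `vet_blocklist` and its parameters are hypothetical names.

```python
import ipaddress
import re

# Only plain "block this source" rules are of interest; policies, jumps and
# ACCEPT rules in someone else's dump are deliberately ignored.
RULE = re.compile(r"^-A\s+\S+\s+-s\s+(\S+)\s+.*-j\s+(?:DROP|REJECT)\b")

# Ranges that should never be blocked on the strength of a third-party list.
NEVER_BLOCK = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]

def vet_blocklist(dump_text, keep_reachable=(), min_prefix=24):
    """Return (accepted, rejected) for the source networks found in a dump."""
    protected = NEVER_BLOCK + [ipaddress.IPv4Network(n) for n in keep_reachable]
    accepted, rejected = set(), []
    for line in dump_text.splitlines():
        match = RULE.match(line.strip())
        if not match:
            continue
        text = match.group(1)
        try:
            net = ipaddress.IPv4Network(text, strict=False)
        except ValueError:
            rejected.append((text, "not an IPv4 network"))
            continue
        if net.prefixlen < min_prefix:
            rejected.append((text, "prefix too broad"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((text, "protected range"))
        else:
            accepted.add(net)
    return [str(n) for n in sorted(accepted)], rejected

# Constructed sample in iptables-save format (documentation addresses; the
# chain name fail2ban-ssh is an assumption, not taken from the real dump).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:fail2ban-ssh - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-ssh
-A fail2ban-ssh -s 192.0.2.10/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-ssh -s 198.51.100.7/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-ssh -s 203.0.113.5/32 -j DROP
-A fail2ban-ssh -s 192.168.1.20/32 -j DROP
-A fail2ban-ssh -s 198.51.100.0/8 -j DROP
-A fail2ban-ssh -j RETURN
COMMIT
"""

if __name__ == "__main__":
    print(vet_blocklist(SAMPLE, keep_reachable=["203.0.113.5"]))
```

Pass your own management addresses as `keep_reachable` so that a stale or mistaken entry in the list cannot lock you out.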

On 11/11/14 02:03, Sebastian Urbach wrote:
> Dear list members,
>
> My iptables dump, as promised (v4). Updated every hour and available as long as my relay is alive ;-)
>
> I run a pretty tight ship, just one ssh user and harsh fail2ban settings. All these listed IPs are considered to be "the usual suspects".
>
> Please feel free to use it, should give you a jump start. It is getting pretty quiet now since I passed the 300+ IPs milestone.
>
> Download:

Is it just me? Here is the error I get when accessing your website with Firefox:

------------------------------------------------------------------
Secure Connection Failed

An error occurred during a connection to www.urbach.org. The OCSP server has no status for the certificate.

(Error code: sec_error_ocsp_unknown_cert)
:
------------------------------------------------------------------

Krys

--
QtCreator/qmakeparser.cpp:42
////////// Parser ///////////
#define fL1S(s) QString::fromLatin1(s)
namespace { // MSVC2010 doesn't seem to know the semantics of "static" ...

Hi,

Thank you for catching the cert problem, I will fix this soon.

Please use the following instead:

https://www.ccc-hanau.de/~sebastian/rules.v4

Sorry.

--
Mit freundlichen Grüssen / Sincerely yours

Sebastian Urbach

-----------------------------------------
Definition of Tor: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name!
-----------------------------------------

On November 15, 2014 8:43:33 AM Ch'Gans <chgans@gna.org> wrote:

Sebastian, how do you distinguish between the usual low level noise of ssh brute force bots out there from more invasive attacks?

Because this list is most likely just a bunch of internet background noise.

Honestly, the safest thing to do is to NOT USE PASSWORD BASED LOGINS. But what would be even better is to firewall ssh out so you can't get in except from specific IPs and/or through say port knocking.

On Sat, Nov 15, 2014 at 3:46 AM, Sebastian Urbach <sebastian@urbach.org> wrote:
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
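An added example, not part of the message above: a check that a server really has password logins turned off, run over the effective configuration that `sshd -T` prints as lowercase keyword/value lines. It covers the case where `PasswordAuthentication no` is set but keyboard-interactive authentication through PAM still prompts for a password. The three sample configurations are constructed and `password_login_findings` is a hypothetical name.

```python
def password_login_findings(effective_config):
    """List the reasons this sshd configuration still accepts passwords."""
    opts = {}
    for line in effective_config.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            # First occurrence of a keyword wins, as in sshd_config.
            opts.setdefault(parts[0].lower(), parts[1].strip().lower())

    def enabled(key, *aliases):
        # An absent keyword is treated as enabled: the conservative reading.
        for name in (key, *aliases):
            if name in opts:
                return opts[name] == "yes"
        return True

    findings = []
    if enabled("passwordauthentication"):
        findings.append("passwordauthentication is enabled")
    # Keyboard-interactive backed by PAM normally ends in a password prompt,
    # so turning off PasswordAuthentication alone does not close the door.
    if enabled("kbdinteractiveauthentication",
               "challengeresponseauthentication") and enabled("usepam"):
        findings.append("keyboard-interactive via PAM can still ask for a password")
    if not enabled("pubkeyauthentication"):
        findings.append("pubkeyauthentication is off, keys cannot be used")
    return findings

# Constructed excerpts in the style of `sshd -T` output.
WEAK = """passwordauthentication yes
kbdinteractiveauthentication yes
usepam yes
pubkeyauthentication yes
"""
HALF_FIXED = WEAK.replace("passwordauthentication yes", "passwordauthentication no")
HARDENED = HALF_FIXED.replace("kbdinteractiveauthentication yes",
                              "kbdinteractiveauthentication no")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("half fixed", HALF_FIXED), ("hardened", HARDENED)):
        print(name, password_login_findings(cfg))
```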

> Honestly, the safest thing to do is to NOT USE PASSWORD BASED LOGINS.

Amen. I wrote a script to scan the Tor network for password-based login availability. If I have the time and no one beats me to it, it'll lead to a site that warns relay operators about security problems with their servers. For example, I can combine it with basic, non-invasive nmap results to warn about non-essential network applications, old OS versions, and old Tor versions as well.

-Libertas

eric gisse wrote:

On November 15, 2014 1:53:50 PM eric gisse <jowr.pi@gmail.com> wrote:

Hi,

> Sebastian, how do you distinguish between the usual low level noise of ssh brute force bots out there from more invasive attacks?

There is a bunch of other software (IDS etc.) for that.

> Because this list is most likely just a bunch of internet background noise.

It is, that's why I wrote "usual suspects" ;-)

> Honestly, the safest thing to do is to NOT USE PASSWORD BASED LOGINS. But what would be even better is to firewall ssh out so you can't get in except from specific ips and/or through say port knocking.

I'm aware of that but the sad truth is that I have to make some compromises even if I really don't like them :-( But that is a whole other story, I'm afraid.

Sebastian
participants (4)
- Ch'Gans
- eric gisse
- Libertas
- Sebastian Urbach