Dear list members,
My iptables dump, as promised (v4). Updated every hour and available as long as my relay is alive ;-)
I run a pretty tight ship, just one ssh user and harsh fail2ban settings. All these listed IPs are considered to be "the usual suspects".
Please feel free to use it, should give you a jump start. It is getting pretty quiet now since I passed the 300+ IPs milestone.
Download:
https://www.urbach.org/~sebastian/rules.v4
On 11/11/14 02:03, Sebastian Urbach wrote:
Dear list members,
My iptables dump, as promised (v4). Updated every hour and available as long as my relay is alive ;-)
I run a pretty tight ship, just one ssh user and harsh fail2ban settings. All these listed IPs are considered to be "the usual suspects".
Please feel free to use it, should give you a jump start. It is getting pretty quiet now since I passed the 300+ IPs milestone.
Download:
Is it just me? Here is the error I get when accessing your website with Firefox:
Secure Connection Failed
An error occurred during a connection to www.urbach.org. The OCSP server has no status for the certificate. (Error code: sec_error_ocsp_unknown_cert)
Krys
Hi,
Thank you for catching the cert problem, I will fix this soon.
Please use the following instead:
https://www.ccc-hanau.de/~sebastian/rules.v4
Sorry.
Sebastian, how do you distinguish between the usual low level noise of ssh brute force bots out there from more invasive attacks?
Because this list is most likely just a bunch of internet background noise.
Honestly, the safest thing to do is to NOT USE PASSWORD BASED LOGINS. But what would be even better is to firewall ssh out so you can't get in except from specific ips and/or through say port knocking.
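The two recommendations in the message above (no password-based logins, SSH reachable only from specific IPs) can be checked against a host's own files. This is an added example, not code from any poster in the thread: a Python heuristic that reads an sshd_config text and an iptables-save dump (the rules.v4 format). SAMPLE_RULES, the addresses and the function names are constructed for illustration.

```python
import shlex

# Constructed sample in iptables-save format; addresses are documentation ranges.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
-A f2b-sshd -s 198.51.100.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 203.0.113.44/32 -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

def password_auth(sshd_config):
    """Effective password-style auth settings; sshd uses the first value it reads."""
    seen = {}
    for line in sshd_config.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            if parts[0].lower() == "match":  # conditional blocks are not evaluated
                break
            seen.setdefault(parts[0].lower(), parts[1].strip().lower())
    kbd = seen.get("kbdinteractiveauthentication",
                   seen.get("challengeresponseauthentication", "yes"))
    return {"password": seen.get("passwordauthentication", "yes"), "kbd_interactive": kbd}

def covers(spec, port):
    """True if a port spec such as '22', '22,443' or '20:25' includes port."""
    ranges = (item.partition(":") for item in spec.split(","))
    return any(int(lo or 0) <= port <= int(hi or (65535 if sep else lo)) for lo, sep, hi in ranges)

def ssh_exposure(rules, port=22):
    """Heuristic: looks only at the INPUT policy and rules that name the port."""
    out = {"policy": None, "unrestricted": [], "allowed": [], "blocked": []}
    for line in rules.splitlines():
        if line.startswith(":INPUT "):
            out["policy"] = line.split()[1]
        if not line.startswith("-A "):
            continue
        tok = shlex.split(line)
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        src = opt.get("-s") if "!" not in tok else None  # negated matches: review by hand
        if src and opt.get("-j") in ("DROP", "REJECT"):
            out["blocked"].append(src)
        spec = opt.get("--dport") or opt.get("--dports")
        if tok[1] == "INPUT" and opt.get("-j") == "ACCEPT" and spec and covers(spec, port):
            out["allowed" if src else "unrestricted"].append(src or line)
    return out
```

An empty `unrestricted` list together with a `DROP` policy means SSH is only accepted from the sources in `allowed`; anything other than `no` in both `password_auth` fields means password-style logins are still offered.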
Honestly, the safest thing to do is to NOT USE PASSWORD BASED LOGINS.
Amen.
I wrote a script to scan the Tor network for password-based login availability. If I have the time and no one beats me to it, it'll lead to a site that warns relay operators about security problems with their servers. For example, I can combine it with basic, non-invasive nmap results to warn about non-essential network applications, old OS versions, and old Tor versions as well.
-Libertas
On November 15, 2014 1:53:50 PM eric gisse jowr.pi@gmail.com wrote:
Hi,
Sebastian, how do you distinguish between the usual low level noise of ssh brute force bots out there from more invasive attacks?
There is a bunch of other software (ids etc.) for that.
Because this list is most likely just a bunch of internet background noise.
It is, that's why I wrote "usual suspects" ;-)
Honestly, the safest thing to do is to NOT USE PASSWORD BASED LOGINS. But what would be even better is to firewall ssh out so you can't get in except from specific ips and/or through say port knocking.
I'm aware of that, but the sad truth is that I have to make some compromises even if I really don't like them :-(
But that is a whole other story, I'm afraid.
Sebastian