[tor-relays] Attacker IP database
Nick
tor-relays at njw.me.uk
Fri Aug 2 19:47:48 UTC 2013
Quoth Bryan Carey:
> Is there any kind of compiled list of IPs that relay operators can refer to
> that are known bad IPs (sources of brute force SSH attempts, etc.)? Is
> there a reason to NOT block (drop) traffic from these IPs?
Quite possibly I'm being stupid, but wouldn't these IPs just be
other relay nodes? Or do you mean they're attempting foul play on
your relay (not through your relay)?
Either way, I suspect the same sorts of security measures that
sysadmins rely on in other situations apply here; temporarily IP
blocking persistent bad actors may help, but tools like fail2ban are
probably going to be more effective, while having less chance of
inadvertently affecting other users on an IP block.