[tor-relays] Attacker IP database

Marina Brown catskillmarina at gmail.com
Fri Aug 2 20:04:40 UTC 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/02/2013 03:18 PM, Bryan Carey wrote:
> Is there any kind of compiled list of IPs that relay operators can
> refer to that are known bad IPs (sources of brute force SSH
> attempts, etc.)? Is there a reason to NOT block (drop) traffic from
> these IPs?
> 
> Here are some that I have seen recently trying to brute force
> common user accounts and root password attempts: 198.50.197.98 
> 220.161.148.178 223.4.217.47 199.187.125.250 175.99.95.252 
> 62.64.83.38 125.209.110.234 37.235.53.172
> 

To block these types of attempts i disable root access in
/etc/ssh/sshd_conf and i run fail2ban with a very strict ruleset for
sshd in /etc/fail2ban/jail.conf. Turn the bantime way up and put the
retries low like 2-3.

Fail2ban adds abusive ip addresses to the iptables in linux. You can
save the rulesets if you like with a cron job.

- --- Marina


> Also, in general what are some good security practices to keep in
> mind while running a Tor relay?
> 
> Thanks, Bryan
> 
> 
> _______________________________________________ tor-relays mailing
> list tor-relays at lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJR/BDXAAoJEEy/Yrjnmw6c4TEP/Rbl1wtepRS5uDIv/OIBzxYS
VlkhTbVlgRh9fT2dK7IvHlQH0bTeQkt2sDxx4lWZJ2k157a6V2UDHuo7wZuz6NFq
FU4N7tKUIgrfyjJi24O8YKskR3XJyayTnF71fyydWUbLhzMGgGLAePr6YpYtERci
xRFfWRPbCx7zmWobR0SWtJdco+8ObsTDB6UDhn0HMPcFq5jc8+QE0j+R5/AOjFib
F+r0KbUNscBQ6qqnjr8ufvoEP4Npy+0/tLG0tF1aSR6nQz1bHpf/piyjjns3N4Wt
+a50QaXIQqUVNkgNo8KQfCDd6xktKGXtSqoaJJZulQ/37RiUhCZzkSsYZ1qa6PO/
F+k/5CJHScRblV8F5wkBJBeiFYbqMUdhF8aP5dFkHsDLL423HHYANxWfn2+ytT2A
zHxd4Z9xxCDc5+X/OvCc/lM/NChDaHgFckY8yDCvoBKXkkts9RHbdnsNYIEJCnnl
qcerY9JlFTrXbcDh1QDEkrL3yphTYTFHVb9QBMID+6xOoz2AIiy0ya9P5StoSSmB
3G/PC+DwlMzoVyoEsG7hw53EkZkeHvCnctTubIq3LGqxEgr6wJyRdTd4ONL0joZM
mHsZlmE3Dko0ae4yYGcvdl62TPrDKvRT52sNROhSE2K+wv3nWVevKbM9zwmWW+lI
xeH9tafItWfW9aI94Kyc
=AKRd
-----END PGP SIGNATURE-----

More information about the tor-relays mailing list