[tor-relays] Attacker IP database

Bryan Carey z0civic483 at gmail.com
Fri Aug 2 21:25:10 UTC 2013


Thanks everyone for your input! I already had root access disabled via sshd
config. I will look into fail2ban as it sounds like it remedies the problem
I'm having.

@Nick - I'm talking about attacks directed at the node, not going through
it.

Thanks,
Bryan


On Fri, Aug 2, 2013 at 2:04 PM, Marina Brown <catskillmarina at gmail.com> wrote:

> On 08/02/2013 03:18 PM, Bryan Carey wrote:
> > Is there any kind of compiled list of IPs that relay operators can
> > refer to that are known bad IPs (sources of brute force SSH
> > attempts, etc.)? Is there a reason to NOT block (drop) traffic from
> > these IPs?
> >
> > Here are some that I have seen recently trying to brute force
> > common user accounts and root password attempts: 198.50.197.98
> > 220.161.148.178 223.4.217.47 199.187.125.250 175.99.95.252
> > 62.64.83.38 125.209.110.234 37.235.53.172
> >
>
> To block these types of attempts I disable root access in
> /etc/ssh/sshd_conf and I run fail2ban with a very strict ruleset for
> sshd in /etc/fail2ban/jail.conf. Turn the bantime way up and put the
> retries low, like 2-3.
>
> Fail2ban adds abusive IP addresses to the iptables in Linux. You can
> save the rulesets if you like with a cron job.
>
> --- Marina
>
>
> > Also, in general what are some good security practices to keep in
> > mind while running a Tor relay?
> >
> > Thanks, Bryan
> >
> >
> > _______________________________________________ tor-relays mailing
> > list tor-relays at lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>