[tor-relays] VPS suspended for many SSH connections

Roman Mamedov rm at romanrm.net
Sat Apr 19 08:27:55 UTC 2014


On Fri, 18 Apr 2014 23:29:08 -0800
I <beatthebastards at inbox.com> wrote:

> What can I do about this?
> The VPS business keeps saying this is reason to suspend?
> 
> Fri, 18 Apr 2014 02:05:04 -0400 VPS 11028 (192.3.42.25) has 24676 conntrack sessions
> Fri, 18 Apr 2014 02:05:09 -0400 VPS 11028 (192.3.42.25) has 24648 conntrack sessions
> Fri, 18 Apr 2014 02:05:14 -0400 VPS 11028 (192.3.42.25) has 23119 conntrack sessions
> Fri, 18 Apr 2014 02:05:19 -0400 VPS 11028 (192.3.42.25) has 20123 conntrack sessions
> Fri, 18 Apr 2014 20:48:24 -0400 VPS 11028 (192.3.42.25) has 311 SSH connections
> Fri, 18 Apr 2014 20:48:25 -0400 SUSPENDING VPS 11028 (192.3.42.25); it has 311 SSH connections

Hello,

Were you running an exit node there, with port 22 accepted in the exit policy?
If so, someone might have been trying to brute-force SSH passwords via your
exit node.

If not, these might still have been Tor connections, but to other relays,
as some of them have their ORPort set to 22. However, I don't know if it's
normal that you would have 311 connections to them; after all, they are in a
tiny minority (only 20 relays or so):
http://torstatus.blutmagie.de/index.php?SR=ORPort&SO=Asc

-- 
With respect,
Roman
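
The two explanations in the reply above can be told apart on the relay itself by checking which port-22 peers are relays that list ORPort 22. The following is an added example, not part of the original message: it assumes the full consensus "r" line layout and the column order of `ss -tn` output, the function names are hypothetical, and all sample data is constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample of consensus router-status lines:
# r <nickname> <identity> <digest> <date> <time> <IP> <ORPort> <DirPort>
SAMPLE_CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2014-04-18 12:00:00 198.51.100.10 22 0
s Fast Running
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2014-04-18 12:00:00 198.51.100.20 9001 9030
"""

# Constructed sample of `ss -tn` output as seen on the relay (192.0.2.5).
SAMPLE_SS = """\
State    Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB    0      0      192.0.2.5:40112     198.51.100.10:22
ESTAB    0      0      192.0.2.5:40113     203.0.113.7:22
ESTAB    0      0      192.0.2.5:40114     203.0.113.7:22
SYN-SENT 0      1      192.0.2.5:40115     203.0.113.9:22
ESTAB    0      0      192.0.2.5:9001      198.51.100.20:51514
ESTAB    0      0      192.0.2.5:22        203.0.113.50:55000
"""

def relays_on_port(consensus_text, port=22):
    """Return the set of relay addresses whose ORPort equals `port`."""
    relays = set()
    for line in consensus_text.splitlines():
        f = line.split()
        if len(f) >= 9 and f[0] == "r" and f[7] == str(port):
            relays.add(ipaddress.ip_address(f[6]))
    return relays

def classify_port_peers(ss_text, relay_ips, port=22):
    """Count connections to remote `port`, split into relay ORPort vs. other."""
    counts, other_peers = Counter(), Counter()
    for line in ss_text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 5:
            continue
        host, _, peer_port = f[4].rpartition(":")  # rpartition copes with IPv6
        if peer_port != str(port):
            continue                               # e.g. inbound to our own sshd
        ip = ipaddress.ip_address(host.strip("[]"))
        if ip in relay_ips:
            counts["relay_orport"] += 1
        else:
            counts["other"] += 1                   # exit traffic or local clients
            other_peers[ip] += 1
    return counts, other_peers
```

A large "other" count on a relay whose exit policy accepts port 22 points to exit traffic; narrowing or rejecting that port in the exit policy is the operator-side control.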