[tor-relays] iptables / dump
Libertas
libertas at mykolab.com
Sat Nov 15 13:32:17 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
> Honestly, the safest thing to do is to NOT USE PASSWORD BASED
> LOGINS.
Amen.
I wrote a script to scan the Tor network for password-based login
availability. If I have the time and no one beats me to it, it'll lead
to a site that warns relay operators about security problems with
their servers. For example, I can combine it with basic, non-invasive
nmap results to warn about non-essential network applications, old OS
versions, and old Tor versions as well.
- -Libertas
eric gisse wrote:
> Sebastian, how do you distinguish between the usual low level noise
> of ssh brute force bots out there from more invasive attacks?
>
> Because this list is most likely just a bunch of internet
> background noise.
>
> Honestly, the safest thing to do is to NOT USE PASSWORD BASED
> LOGINS. But what would be even better is to firewall ssh out so you
> can't get in except from specific ips and/or through say port
> knocking.
>
> On Sat, Nov 15, 2014 at 3:46 AM, Sebastian Urbach
> <sebastian at urbach.org> wrote:
>> Hi,
>>
>> Thank you for catching the cert problem, i will fix this soon.
>>
>> Please use the following instead:
>>
>> https://www.ccc-hanau.de/~sebastian/rules.v4
>>
>> Sorry. -- Mit freundlichen Grüssen / Sincerely yours
>>
>> Sebastian Urbach
>>
>> ----------------------------------------- Definition of Tor: 10%
>> luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50%
>> pain and 100% reason to remember the name!
>> -----------------------------------------
>>
>>
>>
>> On November 15, 2014 8:43:33 AM Ch'Gans <chgans at gna.org> wrote:
>>
>>>
>>>
>>> On 11/11/14 02:03, Sebastian Urbach wrote:
>>>> Dear list members,
>>>>
>>>> My iptables dump, as promised (v4). Updated every hour and
>>>> available as long as my relay is alive ;-)
>>>>
>>>> I run a pretty tight ship, just one ssh user and harsh
>>>> fail2ban settings. All these listed IP's are considered to be
>>>> "the usual suspects".
>>>>
>>>> Please feel free to use it, should give you a jump start. It
>>>> is getting pretty quiet now since i passed the 300+ ip's
>>>> milestone.
>>>>
>>>> Download:
>>>>
>>>> https://www.urbach.org/~sebastian/rules.v4
>>>
>>> Is it just me? Here is the error i get when accessing your
>>> website with firefox:
>>>
>>> ------------------------------------------------------------------
>>>
>>>
Secure Connection Failed
>>>
>>> An error occurred during a connection to www.urbach.org. The
>>> OCSP server has no status for the certificate. (Error code:
>>> sec_error_ocsp_unknown_cert) :
>>> ------------------------------------------------------------------
>>>
>>>
>>>
Krys
>>>
>>>>
>>>
>>> -- QtCreator/qmakeparser.cpp:42 ////////// Parser ///////////
>>> #define fL1S(s) QString::fromLatin1(s) namespace { // MSVC2010
>>> doesn't seem to know the semantics of "static" ...
>>> _______________________________________________ tor-relays
>>> mailing list tor-relays at lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>>
>>
>>
>>>
_______________________________________________
>> tor-relays mailing list tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> _______________________________________________ tor-relays mailing
> list tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJUZ1W1AAoJELxHvGCsI27Ne6cP/A5Mn7KCXHvyG0KDhz1iBDPr
JQOPYJX+PQcWlhmYYAuhZrVnj+Qv2Ra9L3IOJ6lgIIlCqocdaS8UViRMwBp/3Nxi
3e7P5wKYp08AyY+ga1vvEy6lOnVfQblBptYYnYxSWkQUiWxZIURZSL3qxtm+alxw
Vzy2uSdW++YTS3Dvdw8p/ipIMwKfBGEXJWJ0OmCW+P2LkPai5E500DPd6mK7gviA
5gZ4ASVYfSjs3R971naKOpZ9svvZHiA4C2xMZxgSDlMkxMBmwRfXev0RbKMKa6m5
iwTEniTNCcrimnObTgWYZxKgrr69a2OJE0PKO76Rs6sJX0DQk9DJKyA/QK4J+LeJ
HHfS4OBMeHtjo2EtJReViREyTI+1MidB9ktH7TkPiHJPCevVskc2+Ra1DO+9YHWW
cTr0NUK7qzXc26CTM3gpryVqMUSU+TZOP4l3eTqn2vfGQ56axesPnR/gynu+hGld
ulCE5oVa35082261N9kCwxZ3ofgR70cWLAFadIwjAor2miuiruCHmt2IJ9kUbuQJ
lNL5Cwvf4BabKC4NRNo/HRfrnrjkJhcs3UqfivFlpRjcUeLS8ZHuDYya8UXbGT7p
B1cNbjI5cIGHAYFTwtBMYFrBE9QaHQrzEqmdILPzcPSCySaZAvm88hOO78Gk81eH
2KRDSWEmpSRFmlU9ux3m
=Bgu+
-----END PGP SIGNATURE-----
More information about the tor-relays
mailing list