[tor-relays] So long and thanks for all the abuse complaints
George
george at queair.net
Mon Dec 4 19:04:00 UTC 2017
Zack Weinberg:
> On Mon, Dec 4, 2017 at 1:00 PM, s7r <s7r at sky-ip.org> wrote:
>> Zack Weinberg wrote:
>>> With my exit node operator hat on, I too would like to see some sort
>>> of port-scanning prevention built into the network. In my case, I had
>>> to turn off exiting to the SSH port because we were getting daily
>>> complaints about abusive scanning for devices with weak admin
>>> passwords. Which is a shame, since there are plenty of legitimate
>>> uses for SSH-over-Tor.
> ...
>> I don't think this is the way to go, under any circumstances. Better to
>> learn to make difference between junk notification and serious reports
>> that require action or reply.
>
> For the record, those daily complaints about abusive SSH scanning were
> serious reports requiring a reply. And they were not all from the
> same source.
>
I realize this issue of SSH brute forcing via exit nodes is old news,
but what is remarkable to me is that:
1. anyone cares about SSH brute force attacks if they are using keys and
passwords for SSH authentication
2. who in the world has the time to investigate SSH brute force attacks,
and if they do, maybe they had enough time to notice that it was from a
Tor exit IP?
/rant
g
--
34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20171204/09a9d93a/attachment-0001.sig>
More information about the tor-relays
mailing list