[tor-relays] SSH brute force attempts to connect to my Middle Relay IP address

Sean Greenslade sean at seangreenslade.com
Wed Oct 4 06:27:49 UTC 2017


On October 3, 2017 11:02:55 PM PDT, Fr33d0m4all <fr33d0m4all at riseup.net> wrote:
>Hi,
>My Tor middle relay's public IP address is the victim of SSH brute-force
>connection attempts, and the attack has been going on for two weeks.
>It’s not a problem; the server that is listening with SSH on the same
>IP address as my Tor relay blocks the connections and bans the IP
>addresses (with Fail2Ban), but I just wanted to know if there is some
>campaign of attacks carried out against Tor relays. Are you experiencing
>the same? The attacks are carried out with a botnet, given the large
>number of different IP addresses that I see in the logs.

This happens to any machine with an open ssh port on the internet. Just set up ssh keys for login, disable password auth, and ignore the fruitless attempts. I personally don't bother with f2b. The only time I ever bother blocking attackers is if I'm trying to live view my logs and the attacks are polluting my view. Otherwise it's not worth my time.

--Sean
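
A check for the "ssh keys, disable password auth" advice in the reply above, as an added example that is not part of the original message: it reads the effective settings printed by `sshd -T` and flags the case where `PasswordAuthentication` is off but keyboard-interactive still accepts a password through PAM. The function name `audit_sshd` and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit effective sshd settings.
# Real use, as root:  sshd -T | audit_sshd

audit_sshd() {
    # stdin: `sshd -T` style text, one "keyword value" pair per line.
    # Prints one line per check; returns 1 if any check fails.
    awk '
        function check(name, got, want) {
            if (got == "") got = "(missing)"
            if (got == want) { print "ok   " name " " got; return 0 }
            print "FAIL " name " " got " (want " want ")"; return 1
        }
        { key = tolower($1); val = tolower($2) }
        key == "passwordauthentication" { pw = val }
        key == "pubkeyauthentication"   { pk = val }
        # Keyboard-interactive can still prompt for a password through PAM.
        # Older OpenSSH prints it as challengeresponseauthentication.
        key == "kbdinteractiveauthentication" ||
        key == "challengeresponseauthentication" {
            if (kbd != "yes") kbd = val
        }
        END {
            bad  = check("passwordauthentication", pw, "no")
            bad += check("kbdinteractiveauthentication", kbd, "no")
            bad += check("pubkeyauthentication", pk, "yes")
            exit (bad > 0)
        }
    '
}

# Constructed sample: password auth disabled, keyboard-interactive left on.
SAMPLE_HALF_DONE='passwordauthentication no
kbdinteractiveauthentication yes
pubkeyauthentication yes
usepam yes'

# Constructed sample: key-only login.
SAMPLE_KEYS_ONLY='passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
usepam yes'

printf '%s\n' "$SAMPLE_HALF_DONE" | audit_sshd || echo "=> a password prompt is still reachable"
printf '%s\n' "$SAMPLE_KEYS_ONLY" | audit_sshd && echo "=> key-only login"
```

A keyword absent from the input is reported as `(missing)` and counted as a failure, so a truncated dump does not pass by accident.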


