[tor-relays] SSH brute force attempts to connect to my Middle Relay IP address

Jonathan Proulx jon at csail.mit.edu
Wed Oct 4 14:48:46 UTC 2017


On Wed, Oct 04, 2017 at 02:32:10PM +0100, Robin wrote:
:I restrict SSH access with iptables allowing only access from two IP addresses (work, and home).
:I also disable root login (as many already do), as well as use the AllowUsers option in SSH.

Hard for me to tell if my Tor nodes get any more scans because I have
a similar IP restricted setup.

I can say a public login system that I run currently has 144 hosts
blacklisted by sshguard which means they've failed a number of login
attempts and at least one in the past 2 minutes, not sure what the
average size of that list is but that subjectively seems normalish.

Someone did apparently try to DoS my exit a couple weeks ago and
Akamai/Prolexic (contracted by my upstream provider so I had no
contacts) helpfully "mitigated" this by null routing the whole /24 it
was on :( This is more a fight between me and my provider but I still
have no response on what triggered that so can't provide any more
detail, just eventually went away on its own.

-Jon


:
:regards, Robin
:
:----- Original message -----
:From: Fr33d0m4all <fr33d0m4all at riseup.net>
:To: tor-relays at lists.torproject.org
:Subject: [tor-relays] SSH brute force attempts to connect to my Middle Relay IP address
:Date: Wed, 4 Oct 2017 08:02:55 +0200
:
:Hi,
:My Tor middle relay public IP address is the victim of SSH brute force connection attempts and the attack has been going on for two weeks. It’s not a problem, the server that is listening with SSH on the same IP address as my Tor relay blocks the connections and bans the IP addresses (with Fail2Ban) but I just wanted to know if there is some campaign of attacks carried out against Tor relays... are you experiencing the same? The attacks are carried out with a botnet given the large number of different IP addresses that I see in the logs.
:
:Best regards,
:   Fr33d0m4All
:_______________________________________________
:tor-relays mailing list
:tor-relays at lists.torproject.org
:https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
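
Added example, not part of any message in this thread: one way to check from sshd logs whether failed logins come from a handful of hosts or from many distinct addresses, which is the observation the original post bases its botnet guess on. The log lines are constructed samples using documentation address ranges, and the function names and thresholds are assumptions.

```python
import re
from collections import Counter

# OpenSSH failure lines look like:
#   Failed password for root from 192.0.2.10 port 40001 ssh2
#   Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
FAILED = re.compile(
    r"Failed (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Constructed sample log (documentation addresses, not real hosts).
SAMPLE_LOG = """\
Oct  4 06:01:11 relay sshd[901]: Failed password for root from 192.0.2.10 port 40001 ssh2
Oct  4 06:01:14 relay sshd[901]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Oct  4 06:01:20 relay sshd[905]: Failed password for root from 192.0.2.11 port 51000 ssh2
Oct  4 06:01:31 relay sshd[909]: Failed password for invalid user pi from 198.51.100.7 port 33221 ssh2
Oct  4 06:01:33 relay sshd[909]: Failed password for root from 198.51.100.7 port 33222 ssh2
Oct  4 06:02:02 relay sshd[915]: Accepted publickey for operator from 203.0.113.200 port 50000 ssh2
Oct  4 06:02:10 relay sshd[921]: Failed password for invalid user test from 198.51.100.8 port 42000 ssh2
Oct  4 06:02:15 relay sshd[925]: Failed password for root from 203.0.113.5 port 42100 ssh2
Oct  4 06:02:19 relay sshd[929]: Failed password for invalid user admin from 203.0.113.6 port 42200 ssh2
"""


def summarize(log_text):
    """Count failed logins per source address and per attempted user name."""
    per_ip, users = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:  # successful logins and unrelated lines are skipped
            per_ip[m.group("ip")] += 1
            users[m.group("user")] += 1
    return per_ip, users


def looks_distributed(per_ip, min_sources=5, max_share=0.5):
    """Heuristic with assumed thresholds: many sources, none dominating."""
    total = sum(per_ip.values())
    if total == 0 or len(per_ip) < min_sources:
        return False
    return max(per_ip.values()) / total <= max_share


if __name__ == "__main__":
    per_ip, users = summarize(SAMPLE_LOG)
    print(f"{sum(per_ip.values())} failures from {len(per_ip)} sources")
    print("most tried users:", users.most_common(3))
    print("distributed pattern:", looks_distributed(per_ip))
```

A spread of many sources with only a few attempts each matches the background scanning described in the reply; it does not by itself show that Tor relays are being singled out.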
