Re: [tor-relays] SSH brute force attempts to connect to my Middle Relay IP address



On October 3, 2017 11:02:55 PM PDT, Fr33d0m4all <fr33d0m4all@xxxxxxxxxx> wrote:
>Hi,
>My Tor middle relay's public IP address is the victim of SSH brute force
>connection attempts, and the attack has been going on for two weeks.
>It’s not a problem, the server that is listening with SSH on the same
>IP address as my Tor relay blocks the connections and bans the IP
>addresses (with Fail2Ban), but I just wanted to know if there is some
>campaign of attacks carried out against Tor relays. Are you experiencing
>the same? The attacks are carried out with a botnet, given the large
>number of different IP addresses that I see in the logs.

This happens to any machine with an open ssh port on the internet. Just set up ssh keys for login, disable password auth, and ignore the fruitless attempts. I personally don't bother with f2b. The only time I ever bother blocking attackers is if I'm trying to live view my logs and the attacks are polluting my view. Otherwise it's not worth my time.

--Sean

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
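
The advice in the reply above (key-based login, password authentication disabled) depends on the setting actually taking effect: sshd uses the first value it obtains for each keyword, and `Match` blocks can turn passwords back on for some clients. The following check is an added example, not part of the original message; the function name and both sample configs are constructed, and `Include` files are not followed.

```python
import re
# OpenSSH defaults that apply when a keyword is never set.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def audit_sshd_config(text):
    """Return (effective global settings, findings) for sshd_config text."""
    effective, findings, in_match = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            in_match = value  # lines below apply only to matching clients
            continue
        if key not in DEFAULTS:
            continue
        if in_match is not None:
            if key != "pubkeyauthentication" and value == "yes":
                findings.append(f"line {lineno}: Match {in_match} re-enables {key}")
            continue
        if key in effective:  # sshd keeps the first value it obtains
            if effective[key] != value:
                findings.append(f"line {lineno}: {key} {value} ignored, first value wins")
            continue
        effective[key] = value
    effective = {**DEFAULTS, **effective}
    for key in ("passwordauthentication", "kbdinteractiveauthentication"):
        if effective[key] != "no":
            findings.append(f"{key} is {effective[key]}: password-style login possible")
    if effective["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is not yes: key login unavailable")
    return effective, findings

# Constructed sample: the "no" on line 3 comes too late to take effect.
SAMPLE = """\
PasswordAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""
HARDENED = "PasswordAuthentication no\nKbdInteractiveAuthentication no\nPubkeyAuthentication yes\n"
if __name__ == "__main__":
    print(*audit_sshd_config(SAMPLE)[1], sep="\n")
```

On a live host, `sshd -T` prints the effective configuration, including any `Include` files.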