[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] SSH brute force attempts to connect to my Middle Relay IP address

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] SSH brute force attempts to connect to my Middle Relay IP address
From: Robin <rok@xxxxxxxx>
Date: Wed, 04 Oct 2017 14:32:10 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 04 Oct 2017 09:32:35 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sent.com; h= content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=hU3ZTUs0N5B0v+HvLlOAgtES4pkRy zKA0j9fwsBKIcc=; b=ODY45Uu0T31Ph3kSAYlvHmSKpTMqtN56+LoDWX0bBM1Rx qMWuYKSJ1Y3Sp++9Ts/N5WPrzpfAQYrKAKzW0iyfO4kdu257gLEfexCU7JCuuLTG EefesFzbauvxE1JWkmJNWPxL88DPGph0E0PI0cMwQeywaHDZyKoEfY9fIPwUwaH3 NsWcyjNDH0vXZfmH9c09oBC9UuwPr9dW4aA4i1cBjLBH0qj5HAs0Lee/37I9YYo7 k7XCJ3dg9hsp5hVBvp5PRjUbbLa36SDKS+X/BzfnW2X5aq0hnekfvD5tLkAmdmBk m9VYBcAx/2TssRzn0Qm/b68FfkU4fm7HEpSya3mmQ==
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=hU3ZTU s0N5B0v+HvLlOAgtES4pkRyzKA0j9fwsBKIcc=; b=qMrPgNNROmfQ5T4YqxotQA QkTe97sRdosAUBHoodxkCKULLx1z6i/GFUXIoept9w++VY1OkHSJUjxm8CZM+YoY Zfkx592luI1d2ptDjUwTWcGgXEdPdRp5fa2NKK/hDZMxJ/2FtZ4Zb0UNNbcD8PS7 y4lbB/a0e8CjCh8Qy6AbgYOVg6IyzFqSkhHPuu74uFeOZMQU2cOPxr8fFpBF1nTg W6QQT2aeWUApEfRiLuvN0rbpQI70+HeKxxfZWX7+JkleK5k0KqOOqd3dK2zJFxpD unu7logbynyj1cCQ59Cuuhwky7u1fhxgovP91Q6rpq6ETZQhCHV5lFMme4EhgivA ==
In-reply-to: <658A3736-3456-45EE-BD3F-751266DF5282@riseup.net>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <658A3736-3456-45EE-BD3F-751266DF5282@riseup.net>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

I restrict SSH access with iptables allowing only access from two IP addresses (work, and home).
I also disable root login (as many already do), as well as use the AllowUsers option in SSH.

regards, Robin

----- Original message -----
From: Fr33d0m4all <fr33d0m4all@xxxxxxxxxx>
To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] SSH brute force attempts to connect to my Middle Relay IP address
Date: Wed, 4 Oct 2017 08:02:55 +0200

Hi,
My Tor middle relay public IP address is victim of SSH brute force connections’ attempts and the attack is going on since two weeks ago. It’s not a problem, the server that is listening with SSH on the same IP address than my Tor relay blocks the connections and bans the IP addresses (with Fail2Ban) but I just wanted to know if there is some campaign of attacks carried against Tor relays.. are you experiencing the same? The attacks are carried on with a botnet given the large amount of different IP addresses that I see in the logs.

Best regards,
   Fr33d0m4All
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] SSH brute force attempts to connect to my Middle Relay IP address
  - From: Jonathan Proulx

References:
- [tor-relays] SSH brute force attempts to connect to my Middle Relay IP address
  - From: Fr33d0m4all

Prev by Author: Re: [tor-relays] Running both Transmission server and Tor relay
Next by Author: Re: [tor-relays] "Fast" flag definition
Previous by thread: Re: [tor-relays] SSH brute force attempts to connect to my Middle Relay IP address
Next by thread: Re: [tor-relays] SSH brute force attempts to connect to my Middle Relay IP address
Index(es):
- Author
- Thread