Re: [tor-relays] List of Relays' Available SSH Auth Methods
On 11/18/2014 05:45 PM, Zack Weinberg wrote:
> On Tue, Nov 18, 2014 at 11:15 AM, Toralf Förster <toralf.foerster@xxxxxx> wrote:
>> On 11/18/2014 04:28 PM, Jeroen Massar wrote:
>>> People should realize though that it is not 'safer' in any way running
>>> SSH on another port.
>>
>> But it is (slightly) more expensive - which counts, or?
>
> In my limited experience, moving SSH to another port made no apparent
> difference to the number of random attempts to break in. I'd
> recommend fail2ban or equivalent instead.
>
Well, I do have an alternate port and my iptables shows me this:
$> wc /proc/net/xt_recent/FAILED_SSH_*
4 61 643 /proc/net/xt_recent/FAILED_SSH_ALT_LOGIN
149 1284 12182 /proc/net/xt_recent/FAILED_SSH_LOGIN
These are the iptables rules:
# block brute force attacks against ssh, fake the 22
#
IPT=${IPT:-/sbin/iptables}   # path to the iptables binary used by the rest of the script
# port 22: every NEW connection is recorded in the recent list FAILED_SSH_LOGIN; once an
# address has been recorded 2 times within 300 s, packets of its ESTABLISHED connections
# are answered with a TCP reset (--update refreshes the entry on every matching packet)
$IPT -t filter -A INPUT -p tcp --destination-port 22 --match conntrack --ctstate NEW --match recent --name FAILED_SSH_LOGIN --set
$IPT -t filter -A INPUT -p tcp --destination-port 22 --match conntrack --ctstate ESTABLISHED --match recent --name FAILED_SSH_LOGIN --update --seconds 300 --hitcount 2 -j REJECT --reject-with tcp-reset
# the alternate port (number snipped): same logic, separate list FAILED_SSH_ALT_LOGIN,
# but the offending packets are silently dropped instead of reset
$IPT -t filter -A INPUT -p tcp --destination-port <snip> --match conntrack --ctstate NEW --match recent --name FAILED_SSH_ALT_LOGIN --set
$IPT -t filter -A INPUT -p tcp --destination-port <snip> --match conntrack --ctstate ESTABLISHED --match recent --name FAILED_SSH_ALT_LOGIN --update --seconds 300 --hitcount 2 -j DROP
--
Toralf
pgp key: 0076 E94E
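The `wc` output above counts lines of /proc/net/xt_recent/<list>, i.e. one line per tracked source address, not per failed attempt. The following is an added example (not part of Toralf's mail or of the iptables project) that parses that file and evaluates the `--seconds 300 --hitcount 2` window the rules use, so a relay operator can see how many addresses are tracked, how many hits are stored, and which addresses would be matched right now. It assumes the xt_recent line format `src=<addr> ttl: <n> last_seen: <jiffies> oldest_pkt: <n> <stamp>,<stamp>,...`, that stamps are kernel jiffies (so a window of N seconds is N * HZ jiffies), and a CONFIG_HZ of 250; the sample data and the `now_jiffies` value are constructed.

```python
"""Interpret /proc/net/xt_recent/<list> the way a `--seconds N --hitcount M`
rule does.  Added example, not code from the thread.

Assumptions (not stated in the mail): xt_recent line format as in LINE_RE,
stamps in kernel jiffies, HZ = 250 (check CONFIG_HZ of the running kernel).
"""
import re
from dataclasses import dataclass
from typing import Dict, List

HZ = 250  # assumption; the real value is CONFIG_HZ of the running kernel

LINE_RE = re.compile(
    r"^src=(?P<src>\S+) ttl: (?P<ttl>\d+) last_seen: (?P<last_seen>\d+) "
    r"oldest_pkt: (?P<oldest_pkt>\d+)(?P<stamps>.*)$"
)


@dataclass
class RecentEntry:
    src: str
    ttl: int
    last_seen: int       # jiffies of the most recent hit
    stamps: List[int]    # jiffies of every hit the kernel still keeps


def parse_xt_recent(text: str) -> List[RecentEntry]:
    """One entry per line, so `wc -l` on the file counts source addresses."""
    entries: List[RecentEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised xt_recent line: {line!r}")
        stamps = [int(s) for s in m.group("stamps").replace(",", " ").split()]
        entries.append(RecentEntry(m.group("src"), int(m.group("ttl")),
                                   int(m.group("last_seen")), stamps))
    return entries


def hits_in_window(entry: RecentEntry, now_jiffies: int, seconds: int,
                   hz: int = HZ) -> int:
    """Stored hits that fall inside the last `seconds` seconds."""
    cutoff = now_jiffies - seconds * hz
    return sum(1 for s in entry.stamps if s >= cutoff)


def would_match(entry: RecentEntry, now_jiffies: int, seconds: int = 300,
                hitcount: int = 2, hz: int = HZ) -> bool:
    """True when `--seconds seconds --hitcount hitcount` matches this source now."""
    return hits_in_window(entry, now_jiffies, seconds, hz) >= hitcount


def summarize(text: str, now_jiffies: int, seconds: int = 300,
              hitcount: int = 2, hz: int = HZ) -> Dict[str, object]:
    """Tracked addresses, stored hits, and the addresses currently over the limit."""
    entries = parse_xt_recent(text)
    return {
        "tracked": len(entries),
        "total_hits": sum(len(e.stamps) for e in entries),
        "blocked": [e.src for e in entries
                    if would_match(e, now_jiffies, seconds, hitcount, hz)],
    }


# Constructed sample in xt_recent format (documentation address ranges).
SAMPLE = """\
src=198.51.100.7 ttl: 52 last_seen: 999500 oldest_pkt: 2 990000,999500
src=203.0.113.21 ttl: 49 last_seen: 998000 oldest_pkt: 1 998000
src=192.0.2.99 ttl: 55 last_seen: 930000 oldest_pkt: 3 850000,900000,930000
"""

if __name__ == "__main__":
    # For a live list, feed the contents of /proc/net/xt_recent/FAILED_SSH_LOGIN
    # and the current jiffies value instead of the constructed sample.
    print(summarize(SAMPLE, now_jiffies=1_000_000))
```

With the constructed sample and `now_jiffies=1_000_000`, three addresses are tracked with six stored hits, and only 198.51.100.7 has two hits inside the 300-second window; 192.0.2.99 has three hits in total but only one recent enough, which is the distinction between the line count from `wc` and what the rule actually blocks.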
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays