[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: SSH and Telnet ports
On Sun, Dec 14, 2008 at 12:48 PM, Dominik Schaefer <schaedpq2@xxxxxx> wrote:
> Kasimir Gabert schrieb:
>> On Sun, Dec 14, 2008 at 11:36 AM, Christopher Davis <loafier@xxxxxxxxx>
>>> How practical is SSH password cracking over Tor? Wouldn't the latency
>>> deter attackers?
>> I have received about 70 brute force ssh attempts on my Tor node in the
>> past month from other exit nodes. I'm not sure what the pay off is, but
>> the attacks are occurring.
> Three servers I maintain receive about 60 of those dumb and ridiculous login
> attempts per hour. They are not running any Tor relay und are not especially
> 'big' in terms of number of users or publicity. Clearly, the originator does
> not target Tor nodes specifically. ;-) As these logins are coordinated (same
> username on 3 machines within the same second), it seems to be some botnet.
> Concerning the aspect of using Tor to target others: I would be very surprised
> if anyone actually tries to use Tor for this, ordinary botnets of owned
> machines are completely sufficient.
Thanks for the information. I run denyhosts, and receive ridiculous
numbers of these connections to my servers as well. I ran a quick
script to grab what denyhosts had blocked, and determined how many of
those connections were from Tor exit nodes. Quite a large number!
On my other boxes I seem to get less of the Tor exit node attacks for
some reason, although I do still receive roughly the same number from