[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: SSH and Telnet ports

On Sun, Dec 14, 2008 at 12:48 PM, Dominik Schaefer <schaedpq2@xxxxxx> wrote:
> Kasimir Gabert schrieb:
>> On Sun, Dec 14, 2008 at 11:36 AM, Christopher Davis <loafier@xxxxxxxxx>
>> wrote:
>>> How practical is SSH password cracking over Tor? Wouldn't the latency
>>> deter attackers?
>> I have received about 70 brute force ssh attempts on my Tor node in the
>> past month from other exit nodes.  I'm not sure what the pay off is, but
>> the attacks are occurring.
> Three servers I maintain receive about 60 of those dumb and ridiculous login
> attempts per hour. They are not running any Tor relay und are not especially
> 'big' in terms of number of users or publicity. Clearly, the originator does
> not target Tor nodes specifically. ;-) As these logins are coordinated (same
> username on 3 machines within the same second), it seems to be some botnet.
> Concerning the aspect of using Tor to target others: I would be very surprised
> if anyone actually tries to use Tor for this, ordinary botnets of owned
> machines are completely sufficient.
> Dominik

Hello Dominik,

Thanks for the information.  I run denyhosts, and receive ridiculous
numbers of these connections to my servers as well.  I ran a quick
script to grab what denyhosts had blocked, and determined how many of
those connections were from Tor exit nodes.  Quite a large number!

On my other boxes I seem to get less of the Tor exit node attacks for
some reason, although I do still receive roughly the same number from


Kasimir Gabert