Re: [tor-relays] Attacker IP database

Subject: Re: [tor-relays] Attacker IP database

From: Richard Budd <rotorbudd@xxxxxxxxx>

Date: Fri, 2 Aug 2013 16:04:22 -0400

Delivery-date: Fri, 02 Aug 2013 16:04:36 -0400

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=Oo20n8BJYjlWYrOq6QZByNv/OriPAsRuDn7lS/bOzxk=; b=bK7oUU1cEVhi1OyYpaexK65LUupuAC40QgaXfKNis2Jd6Ib/jFLiNfRUSmRH9hU/MZ ehWw0ebkWxlM/MoXvOW400kcSWbeiDuVzs/KSLLLmH+8xOFdccnygPLDb1qsVZl0F4cT dPDymvAT4iAIE9FB2K0uHcFC7czB9rOf9shp7mYRWYzSh11KdVHNMI8waNe8UsCHQuLn BzKaxnk0GLV2brWCCPSabg0htn5ds3YEXm33VJh4jZmAtqP9cnRhj8Mz7WsJqd2PO6sT kwq3NDWOOGGTM6yaW4u4hja4RkT2ir5p/LXEnDEflNZbw9TJfiE1YUN5h1FqMRDb4ria Ou6Q==

In-reply-to: <CA+zTX6+2v0GBP6aUcTb8WqJhaDZKhRJEz92WcrBRqL9b4mg4pw@xxxxxxxxxxxxxx>

List-archive: <http://lists.torproject.org/pipermail/tor-relays/>

List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>

List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>

List-post: <mailto:tor-relays@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>

References: <CA+zTX6+2v0GBP6aUcTb8WqJhaDZKhRJEz92WcrBRqL9b4mg4pw@xxxxxxxxxxxxxx>

Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

If you are just talking about regular server hacking attempts, and you are using debian, tben try demyhosts and have it query the demyhosts server every hour or so. It will download a list of known attacking ips

On Aug 2, 2013 3:41 PM, "Bryan Carey" <z0civic483@xxxxxxxxx> wrote:

Is there any kind of compiled list of IPs that relay operators can refer to that are known bad IPs (sources of brute force SSH attempts, etc.)? Is there a reason to NOT block (drop) traffic from these IPs?

Here are some that I have seen recently trying to brute force common user accounts and root password attempts:
198.50.197.98
220.161.148.178
223.4.217.47
199.187.125.250

175.99.95.252
62.64.83.38
125.209.110.234
37.235.53.172

Also, in general what are some good security practices to keep in mind while running a Tor relay?

Thanks,
Bryan

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays