-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
To block these types of attempts i disable root access in
On 08/02/2013 03:18 PM, Bryan Carey wrote:
> Is there any kind of compiled list of IPs that relay operators can
> refer to that are known bad IPs (sources of brute force SSH
> attempts, etc.)? Is there a reason to NOT block (drop) traffic from
> these IPs?
>
> Here are some that I have seen recently trying to brute force
> common user accounts and root password attempts: 198.50.197.98
> 220.161.148.178 223.4.217.47 199.187.125.250 175.99.95.252
> 62.64.83.38 125.209.110.234 37.235.53.172
>
/etc/ssh/sshd_conf and i run fail2ban with a very strict ruleset for
sshd in /etc/fail2ban/jail.conf. Turn the bantime way up and put the
retries low like 2-3.
Fail2ban adds abusive ip addresses to the iptables in linux. You can
save the rulesets if you like with a cron job.
- --- Marina
> Also, in general what are some good security practices to keep in
> mind while running a Tor relay?
>
> Thanks, Bryan
>
>
> _______________________________________________ tor-relays mailing-----BEGIN PGP SIGNATURE-----
> list tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJR/BDXAAoJEEy/Yrjnmw6c4TEP/Rbl1wtepRS5uDIv/OIBzxYS
VlkhTbVlgRh9fT2dK7IvHlQH0bTeQkt2sDxx4lWZJ2k157a6V2UDHuo7wZuz6NFq
FU4N7tKUIgrfyjJi24O8YKskR3XJyayTnF71fyydWUbLhzMGgGLAePr6YpYtERci
xRFfWRPbCx7zmWobR0SWtJdco+8ObsTDB6UDhn0HMPcFq5jc8+QE0j+R5/AOjFib
F+r0KbUNscBQ6qqnjr8ufvoEP4Npy+0/tLG0tF1aSR6nQz1bHpf/piyjjns3N4Wt
+a50QaXIQqUVNkgNo8KQfCDd6xktKGXtSqoaJJZulQ/37RiUhCZzkSsYZ1qa6PO/
F+k/5CJHScRblV8F5wkBJBeiFYbqMUdhF8aP5dFkHsDLL423HHYANxWfn2+ytT2A
zHxd4Z9xxCDc5+X/OvCc/lM/NChDaHgFckY8yDCvoBKXkkts9RHbdnsNYIEJCnnl
qcerY9JlFTrXbcDh1QDEkrL3yphTYTFHVb9QBMID+6xOoz2AIiy0ya9P5StoSSmB
3G/PC+DwlMzoVyoEsG7hw53EkZkeHvCnctTubIq3LGqxEgr6wJyRdTd4ONL0joZM
mHsZlmE3Dko0ae4yYGcvdl62TPrDKvRT52sNROhSE2K+wv3nWVevKbM9zwmWW+lI
xeH9tafItWfW9aI94Kyc
=AKRd
-----END PGP SIGNATURE-----
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays