Zack Weinberg: > On Mon, Dec 4, 2017 at 1:00 PM, s7r <s7r@xxxxxxxxxx> wrote: >> Zack Weinberg wrote: >>> With my exit node operator hat on, I too would like to see some sort >>> of port-scanning prevention built into the network. In my case, I had >>> to turn off exiting to the SSH port because we were getting daily >>> complaints about abusive scanning for devices with weak admin >>> passwords. Which is a shame, since there are plenty of legitimate >>> uses for SSH-over-Tor. > ... >> I don't think this is the way to go, under any circumstances. Better to >> learn to make difference between junk notification and serious reports >> that require action or reply. > > For the record, those daily complaints about abusive SSH scanning were > serious reports requiring a reply. And they were not all from the > same source. > I realize this issue of SSH brute forcing via exit nodes is old news, but what is remarkable to me is that: 1. anyone cares about SSH brute force attacks if they are using keys and passwords for SSH authentication 2. who in the world has the time to investigate SSH brute force attacks, and if they do, maybe they had enough time to notice that it was from a Tor exit IP? /rant g -- 34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays