
Re: [tor-relays] iptables / dump




> Honestly, the safest thing to do is to NOT USE PASSWORD BASED
> LOGINS.

Amen.

I wrote a script to scan the Tor network for password-based login
availability. If I have the time and no one beats me to it, it'll lead
to a site that warns relay operators about security problems with
their servers. For example, I can combine it with basic, non-invasive
nmap results to warn about non-essential network applications, old OS
versions, and old Tor versions as well.

-Libertas

eric gisse wrote:
> Sebastian, how do you distinguish between the usual low level noise
> of ssh brute force bots out there from more invasive attacks?
> 
> Because this list is most likely just a bunch of internet
> background noise.
> 
> Honestly, the safest thing to do is to NOT USE PASSWORD BASED
> LOGINS. But what would be even better is to firewall ssh out so you
> can't get in except from specific ips and/or through say port
> knocking.
> 
> On Sat, Nov 15, 2014 at 3:46 AM, Sebastian Urbach
> <sebastian@xxxxxxxxxx> wrote:
>> Hi,
>> 
>> Thank you for catching the cert problem, i will fix this soon.
>> 
>> Please use the following instead:
>> 
>> https://www.ccc-hanau.de/~sebastian/rules.v4
>> 
>> Sorry. -- With kind regards / Sincerely yours
>> 
>> Sebastian Urbach
>> 
>> ----------------------------------------- Definition of Tor: 10%
>> luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50%
>> pain and 100% reason to remember the name! 
>> -----------------------------------------
>> 
>> 
>> 
>> On November 15, 2014 8:43:33 AM Ch'Gans <chgans@xxxxxxx> wrote:
>> 
>>> 
>>> 
>>> On 11/11/14 02:03, Sebastian Urbach wrote:
>>>> Dear list members,
>>>> 
>>>> My iptables dump, as promised (v4). Updated every hour and
>>>> available as long as my relay is alive ;-)
>>>> 
>>>> I run a pretty tight ship, just one ssh user and harsh
>>>> fail2ban settings. All these listed IP's are considered to be
>>>> "the usual suspects".
>>>> 
>>>> Please feel free to use it, should give you a jump start. It
>>>> is getting pretty quiet now since i passed the 300+ ip's
>>>> milestone.
>>>> 
>>>> Download:
>>>> 
>>>> https://www.urbach.org/~sebastian/rules.v4
>>> 
>>> Is it just me? Here is the error i get when accessing your
>>> website with firefox:
>>> 
>>> ------------------------------------------------------------------
>>> Secure Connection Failed
>>>
>>> An error occurred during a connection to www.urbach.org. The
>>> OCSP server has no status for the certificate. (Error code:
>>> sec_error_ocsp_unknown_cert) :
>>> ------------------------------------------------------------------
>>>
>>> Krys
>>>
>>> -- QtCreator/qmakeparser.cpp:42 ////////// Parser /////////// 
>>> #define fL1S(s) QString::fromLatin1(s) namespace { // MSVC2010
>>> doesn't seem to know the semantics of "static" ... 
>>> _______________________________________________ tor-relays
>>> mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx 
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
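
An added example, not from any participant in this thread: a relay operator's self-check that reads their own sshd_config text and reports every setting that still leaves password-based logins enabled. The function name `audit_sshd_config`, the sample configuration, and the default values for absent keywords are assumptions made for this illustration.

```python
# Added example: flag sshd_config settings that leave password logins enabled.
# Assumed OpenSSH defaults for absent keywords; confirm against your version.
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample config (not from the thread).
SAMPLE = """\
# constructed sample
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no

Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""


def audit_sshd_config(text):
    """Return findings for settings that permit password-style logins."""
    global_opts, findings, match = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        if key == "match":
            # Everything after a Match line applies only to that block.
            match = parts[1] if len(parts) > 1 else ""
            continue
        if key not in DEFAULTS:
            continue
        if match is None:
            # sshd uses the first value it reads for a keyword; later ones are ignored.
            global_opts.setdefault(key, (value, lineno))
        elif value != "no":
            findings.append(f"line {lineno}: {key} {value} inside 'Match {match}'")
    for key, default in DEFAULTS.items():
        value, lineno = global_opts.get(key, (default, None))
        if value != "no":
            where = f"line {lineno}" if lineno else "default (keyword not set)"
            findings.append(f"{where}: {key} {value}")
    return findings


if __name__ == "__main__":
    for finding in audit_sshd_config(SAMPLE):
        print(finding)
```

The parser does not follow `Include` files or the `Keyword=value` form; `sshd -T` prints the effective configuration and can be used to confirm the result.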