[tor-relays] SSH scans from Tor exit

Scott Bennett bennett at sdf.org
Tue Apr 29 00:00:18 UTC 2014


"s7r at sky-ip.org" <s7r at sky-ip.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 4/29/2014 1:31 AM, I wrote:
> > One VPS company has just asserted that SSH scans are being run from
> > my Tor exit rather than another process on the VPS. Is this
> > happening to anyone else? Does anyone know what can be done to stop
> > it?
> > 
> > Robert
> > 
> > 
> > _______________________________________________ tor-relays mailing
> > list tor-relays at lists.torproject.org 
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> > 
>
>
> Could you explain with more details? Your question is not totally clear.

     I thought his question was very clear.
>
> If your VPS is being SSH brute forced there are many ways to protect:
> - - make hostbased authentication or use keys instead of password-based
> authentication
> - - install fail2ban to ban IPs after "x" wrong passwords
> - - make sure you put a very strong password, seriously
> - - disable root login via ssh
> - - if you have a VPS made with KVM you can disable SSH access at all
> and use the javaconsole from the VPS panel?

     He stated that a VPS company (I've quoted his statement above yours,
so please go back ad read it again) complained that the attacks were
emanating *from his tor exit*.  The VPS company is very unlikely to be
moved by your suggestions.
    The second matter that was clear was that he has been running a tor
relay without having read the documentation.  If he wants to restrict what
exits from his node, then he needs to read about exit policies in
particular, but he also ought to read the rest of the documentation as well.
     More generally, people really should not be running an exit in
ignorance.  The tor project has done a commendable job of providing a well
documented product.  The documentation was intended to be read, not ignored,
by those wishing to run tor, whether as a client only or as a relay.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:   bennett at sdf.org   *or*   bennett at freeshell.org   *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************



More information about the tor-relays mailing list