[tor-relays] Tor relays source IPs spoofed to mass-scan port 22?

George Hartley hartley_george at proton.me
Sat Nov 2 13:47:20 UTC 2024


Hello,

I do operate an exit node which rejects exits on port 22.

You should, by default, change your SSH port to a random 5-digit number:

Random.org Random Number Generator

And apply static IPTables rules to block connection spam even if someone portscans your system (make sure to apply this rule to your random port, I just set the port here to 22):

> $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
> $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 300 --hitcount 4 --name SSH -j DROP
> $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT


Also, disable password-based authentication entirely, and go for at least RSA4096 or even better ED25519 login rendezvous.


I promise to later do a tcpdump on my machine, and see if relays on the public lists are more affected than your average "normal" server.


Of course there are always machines, more often infected than not, scanning the IPv4 ranges for open SSH ports, which possibly can be exploited.


Please wait for my reply in a few hours, friend.


-GH


On Tuesday, October 29th, 2024 at 4:33 AM, Pierre Bourdon delroth at gmail.com wrote:

> Hi relay ops,
> By any chance, any other relay ops seeing the same thing, or am I just
> going crazy? (it does kind of sound insane...)

> Software Engineer @ Zürich, Switzerland
> https://delroth.net/
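Added example, not part of the original message: a small Python model of the three `recent` rules quoted in the message (`--set`, then `--update --seconds 300 --hitcount 4 -j DROP`, then `ACCEPT`), replayed over constructed connection attempts to show who gets dropped and for how long. The class and function names and the sample addresses are hypothetical; the model follows the `recent` match as documented in iptables-extensions and keeps an unbounded per-source list instead of the kernel's fixed-size stamp buffer.

```python
from collections import defaultdict

WINDOW = 300    # --seconds 300
HITCOUNT = 4    # --hitcount 4


class RecentSSH:
    """Simplified model of the rule chain for NEW TCP connections to the SSH port."""

    def __init__(self):
        self.stamps = defaultdict(list)   # source IP -> times it was seen

    def new_connection(self, src, now):
        seen = self.stamps[src]
        seen.append(now)                                   # rule 1: --set
        hits = sum(1 for t in seen if now - t <= WINDOW)   # rule 2: hits in window
        if hits >= HITCOUNT:
            seen.append(now)   # --update refreshes "last seen" when it matches
            return "DROP"
        return "ACCEPT"                                    # rule 3


# Constructed sample traffic (documentation address ranges).
ADMIN = "192.0.2.10"
SCANNER = "198.51.100.7"


def sample_events():
    events = [(t, SCANNER) for t in range(0, 900, 60)]    # one SYN per minute
    events += [(5, ADMIN), (20, ADMIN), (40, ADMIN), (70, ADMIN), (400, ADMIN)]
    return sorted(events)


def replay(events):
    """Feed (time, source) pairs through the model in time order."""
    fw = RecentSSH()
    return [(now, src, fw.new_connection(src, now)) for now, src in events]


def verdicts_for(src, results):
    return [verdict for _, s, verdict in results if s == src]


if __name__ == "__main__":
    for now, src, verdict in replay(sample_events()):
        print(f"t={now:>3}s  {src:<13} {verdict}")
```

In this replay the fourth admin login inside five minutes is dropped as well, and the source is accepted again only once fewer than four attempts fall inside the last 300 seconds.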