Re: [tor-relays] SSH scans from Tor exit

2014-04-30 Thread Delton Barnes
grarpamp:
 The servers aren't the ones that shouldn't be online, it's their idiot
 operators who think SSH's DEFAULT SCREAMING ABOUT DENIED
 HACK ATTEMPTS in the logs is some kind of important, and then go
 reporting it to every place they can think of, each of those places staffed
 by more clueless idiots, etc. Grow up people, quit whining about ssh
 and learn to admin. Meanwhile, Theo laughs heartily at everyone.

Often, SSH brute-force login attempts come directly from compromised
machines, not Tor exit nodes.  Reporting such attacks helps
administrators realize a machine is compromised, which is a good thing.
It could be helping protect the privacy of someone whose machine is
compromised.

I'd suggest the problem is administrators treating a Tor exit node the
same as a compromised machine.  If the goal of an administrator is to
eliminate SSH attacks emanating from Tor, they should simply block port
22 connections from Tor exit nodes.

It is a bit cynical or defeatist, I think, to say "There are a lot of
these attacks, so administrators should have to just accept them."  If
you see someone attempting to break into cars, do you report it, or do
you say "There are so many car thefts in the world, what's the point?"

Delton
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
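
One way to implement the port-22 block suggested in the message above, as an added example that is not part of the original thread: it parses a list of exit addresses and renders an nftables set with a drop rule. The input is assumed to follow the TorDNSEL exit-addresses layout; the sample list, fingerprints, and the table and set names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the exit-addresses layout (documentation-range IPs).
SAMPLE_EXIT_LIST = """\
ExitNode AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Published 2014-04-29 10:00:00
LastStatus 2014-04-30 09:00:00
ExitAddress 198.51.100.7 2014-04-30 09:05:11
ExitNode BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
Published 2014-04-29 11:00:00
LastStatus 2014-04-30 09:00:00
ExitAddress 203.0.113.20 2014-04-30 09:06:42
ExitAddress 198.51.100.7 2014-04-30 09:07:00
ExitAddress not-an-ip 2014-04-30 09:08:00
"""

def parse_exit_addresses(text):
    """Return the sorted, de-duplicated IPv4 addresses from ExitAddress lines."""
    found = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "ExitAddress":
            continue
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # skip malformed entries rather than emit a broken rule
        if addr.version == 4:
            found.add(addr)
    return sorted(found)

def nft_ruleset(addrs, port=22):
    """Render an nftables file dropping TCP connections to `port` from addrs."""
    elements = ", ".join(str(a) for a in addrs)
    return (
        "table inet torfilter {\n"
        "    set tor_exits {\n"
        "        type ipv4_addr\n"
        + (f"        elements = {{ {elements} }}\n" if addrs else "")
        + "    }\n"
        "    chain input {\n"
        "        type filter hook input priority 0; policy accept;\n"
        f"        ip saddr @tor_exits tcp dport {port} drop\n"
        "    }\n"
        "}\n"
    )

if __name__ == "__main__":
    print(nft_ruleset(parse_exit_addresses(SAMPLE_EXIT_LIST)))
```

The exit list changes continuously, so the set has to be regenerated on a schedule for the block to stay accurate.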


Re: [tor-relays] Relay down, rejected, help

2014-04-30 Thread Delton Barnes
Roger Dingledine:
 You're using arm dangerously. See item #14 on
 https://www.torproject.org/docs/tor-relay-debian
 for the safer way to run arm with your Debian / Ubuntu relay.

Followed item #14, but after logging out/in I get:

  $ arm
  Connection refused. Is the ControlPort enabled?

'groups' shows the 'debian-tor' group.  'sudo -u debian-tor arm' still
works.  Anyone have an idea what I've missed?

Thanks,
Delton


[tor-relays] MaxAdvertiseBandwith

2014-04-30 Thread jchase
Hi,
I have a non-exit relay running Tor 0.2.25 on a Pi. Consensus weight 37.
exit-policy: reject *:*. Now I'm back from vacation and my relay has 1600
incoming connections and arm warns me that my bandwidth is too small to
support so many incomers. Would I kindly restrict my reject policy or
limit my MaxAdvertisedBandwidth. Which I believe is no longer
supported(?). Can anyone help me cut down on the traffic and the notices?
J. Chase


Re: [tor-relays] SSH scans from Tor exit

2014-04-30 Thread grarpamp
On Wed, Apr 30, 2014 at 2:14 PM, Delton Barnes delton.bar...@mail.ru wrote:

 I'd suggest the problem is administrators treating a Tor exit node the
 same as a compromised machine.

Sure, and it's part of the sometimes improper administrivia kneejerk
response. And the SCREAMING involved with this one certainly incites
an unbalanced response upon the less experienced/knowledgeable.

 these attacks, so administrators should have to just accept them.

The operator of agnostic midpoint carriage services / relay is different
than the ISP of the following two machines, and different than the
targeted machine, or the attacking machine. Each has different rules
of play available to them, with the midpoint carrier likely having least
duty among them to do anything. It's not as if blocking exit:22 to the
reporter's machine is going to do anything useful on their end given
the rest of the internet they're open to, but if you want to appease them
and your upstream, feel free. I wouldn't, but to each their own relay policy :)


Re: [tor-relays] SSH scans from Tor exit

2014-04-30 Thread I
The original point has drifted over the horizon.

I asked what could be done, in my case, to stop SSH attacks originating FROM my 
VPS which is running as an exit.
There was another VPS emanating SQL injection attacks.

The problem is that volunteering a cheap VPS to run as a Tor relay or exit is a 
very fickle process.
The VPS businesses don't waste time on anything to do with them. Their reaction 
is nearly always absolute.

It would be smart for the Tor society to approach that situation with guidance 
for ordinary people to successfully get another exit or relay running most of 
which would have to be on VPSs to get the speed and volume.  I know there are 
bits and pieces on this subject but they are not a coherent guide for ordinary 
people.

Robert



