In relation to SSH peculiarities such as a great number of outgoing SSH
connections apparently involved in attacks and one SQL injection attack
(outgoing), what does the collective intelligence think of this SSH rootkit:
Ebury.
White Paper:
http://www.welivesecurity.com/wp-content/uploads/2014/
Kurt Besig wrote
>>
> Your points are well taken, Robert. I'm a relative newcomer to running
> a relay so unfortunately don't have the answers you seek, however I'm
> in agreement that more help and less bashing is in order if the
> bashers want to keep Tor alive../mini-rant
Thanks Kurt.
On 4/30/2014 9:01 PM, I wrote:
> The original point has drifted over the horizon.
>
> I asked what could be done, in my case, to stop SSH attacks
> originating FROM my VPS which is running as an exit. There was
> another VPS emanating SQL injection at
The original point has drifted over the horizon.
I asked what could be done, in my case, to stop SSH attacks originating FROM my
VPS which is running as an exit.
There was another VPS emanating SQL injection attacks.
The problem is that volunteering a cheap VPS to run as a Tor relay or exit is a
On 14-04-30 02:14 PM, Delton Barnes wrote:
> It is a bit cynical or defeatist, I think, to say "There are a lot of
> these attacks, so administrators should have to just accept them." If
> you see someone attempting to break into cars, do you report it, or do
> you say "There are so many car theft
On Wed, Apr 30, 2014 at 2:14 PM, Delton Barnes wrote:
> I'd suggest the problem is administrators treating a Tor exit node the
> same as a compromised machine.
Sure, and it's part of the sometimes improper administrivia kneejerk
response. And the SCREAMING involved with this one certainly incite
grarpamp:
> The servers aren't the ones that shouldn't be online, it's their idiot
> operators who think SSH's DEFAULT SCREAMING ABOUT DENIED
> HACK ATTEMPTS in the logs is some kind of important, and then go
> reporting it to every place they can think of, each of those places staffed
> by more c
On Tue, Apr 29, 2014 at 5:26 PM, Nicolas Christin
wrote:
> The level of intelligence of the people that receive these complaints
> is irrelevant.
It is, in fact, entirely relevant. Clueless recipients (and their upstream)
lead directly to improper kneejerk responses, such as "pull the project".
On Tue Apr 29, 2014, grarpamp wrote:
> > On 4/28/2014 10:04 PM, Zack Weinberg wrote:
> >> For what it's worth, after complaints from campus IT we also wound up
> >> blocking SSH in the CMU Tor exit's policy.
>
> Sounds like IT is conflicted and sans balls... permits relay service,
> but well, doe
Robert,
There is some good advice for exit relay operators on the Tor website that
might be helpful. Included are templates you can use for responding to
abuse complaints received by your ISP.
https://trac.torproject.org/projects/tor/wiki//doc/TorExitGuidelines
https://blog.torproject.org/runni
On Mon, Apr 28, 2014 at 11:23:19PM -0400, Michael Wolf wrote:
> Will they request that port 80 be blocked
> because of the SQL injection and Wordpress vulnerability scans?
Yes, in fact we do get requests for exactly that (mostly from misguided
CERT type organizations). "We support anonymity, bu
I wrote:
> What do you suggest I missed in the documentation?
>
Exit policies. I wrote that in my earlier message.
Scott Bennett, Comm. ASMELG, CFIAG
* Internet: bennett at sdf.org
On Mon, Apr 28, 2014 at 6:31 PM, I wrote:
> Is this happening to anyone else?
Yes. Many relay ops effectively ignore it, as they have often
positioned themselves beforehand to do so.
> Does anyone know what can be done to stop it?
Block *:22 in your exit policy.
Offer your vps that you will acc
On Mon, Apr 28, 2014 at 11:23 PM, Michael Wolf wrote:
> On 4/28/2014 10:04 PM, Zack Weinberg wrote:
>> For what it's worth, after complaints from campus IT we also wound up
>> blocking SSH in the CMU Tor exit's policy.
Sounds like IT is conflicted and sans balls... permits relay service,
but well
Mike,
Yes but the goal is to have more relays, exits and bridges and if commercial
server operators are very low on spine we have to keep them onside carefully.
I have just been kicked off another one after paying a year in advance.
If we have no authoritative retort when they raise the first '
On 4/28/2014 10:04 PM, Zack Weinberg wrote:
> For what it's worth, after complaints from campus IT we also wound up
> blocking SSH in the CMU Tor exit's policy. It's a shame we can't help
> people do sysadmin stuff and whatnot anonymously, but the port scans
> do seem to happen quite often.
>
> z
For what it's worth, after complaints from campus IT we also wound up
blocking SSH in the CMU Tor exit's policy. It's a shame we can't help
people do sysadmin stuff and whatnot anonymously, but the port scans
do seem to happen quite often.
zw
Scott,
What do you suggest I missed in the documentation?
Robert
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I first thought that the numerous complaints of my VPS being the source of the
SSH (outgoing) attacks was that I hadn't done the things you suggested below
and been 'hacked' but now one VPS business has looked at the VPS processes and
said it must be coming out of Tor as I run an exit.
So I am
"s...@sky-ip.org" wrote:
> On 4/29/2014 1:31 AM, I wrote:
> > One VPS company has just asserted that SSH scans are being run from
> > my Tor exit rather than another process on the VPS. Is this
> > happening to anyone else? Does anyone know wh
On 4/29/2014 1:31 AM, I wrote:
> One VPS company has just asserted that SSH scans are being run from
> my Tor exit rather than another process on the VPS. Is this
> happening to anyone else? Does anyone know what can be done to stop
> it?
>
> Robert