I've taken to contacting the sender of the automated abuse reports and
noting that sending such emails may actually not be legal (at least in
the US) under CAN-SPAM. In some cases I've seen positive response as
people aren't even aware their random server with fail2ban is sending
these things.

Matt

On 8/29/19 11:26 PM, AMuse wrote:
> Hi all! I'm curious what y'all think of this situation.
> 
> I have SSH open as an exit port on a TOR exit that my friends and I are
> maintaining - and of course it's the #1 offender by far in automated
> abuse notifications we get from our ISP, from people's fail2ban servers
> sending abuse emails. This all seems like a huge waste of time, but
> that's a separate issue.
> 
> I'm wondering if nerfing outbound SSH to rate limit will be effective at
> getting the SSH scanning bots to stop using my exit in their circuit,
> while leaving SSH open for actual humans who need to SSH while using TOR.
> 
> I've implemented, as a test, rate limiting outbound on the SSH port. 
> What do you think the impact of this will be?  No impact? Losing exit
> status because connections on SSH die?  Something else entirely?
> 
> Here's the pf rules in question:
> 
> pass in on $ext_if proto {tcp udp} from any to any port 9000:9150 keep state
> 
> pass in on $ext_if proto tcp from any to any port 22 keep state
> 
> pass in on $ext_if proto tcp from any to any port 80 keep state
> 
> pass out on $ext_if from any to any keep state
> 
> pass out on $ext_if proto tcp from any to any port 22 keep state (max-src-conn 25, max-src-conn-rate 1/5)
> 
> 
> _______________________________________________
> tor-relays mailing list
> [email protected]
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 