From: <li...@la...> - 2016-08-11 22:45:18
|
I noticed some of the IP addresses blocked by SSHGUARD were TOR exit nodes. Potentially some hacker could be switching between exit nodes or maybe just using different IP addresses within the address space of the CIDR. If so, that would get around the repetition needed to trigger SSHGUARD.

This is a simple five line script to block TOR. Put the lines in a file and then call the script from cron since the exit nodes are dynamic. I run it hourly, though TOR does not indicate what schedule is sufficient.

----------------------
wget -q https://check.torproject.org/exit-addresses || exit 1   # stop here if the download fails, so the table is not emptied below
sed '/ExitNode/d; /Published/d; /LastStatus/d; s/ExitAddress //' <exit-addresses | cut -w -f1 >feedipfw   # keep only the IP field (cut -w is FreeBSD cut's whitespace mode)
ipfw table 2 flush   # drop the previous run's exit nodes; pick a table number you are not already using
cat feedipfw | xargs -n1 echo ipfw table 2 add | bash   # echo|bash so one failing add (e.g. a duplicate) does not abort the rest
rm exit-addresses
-----------------------

The flow is you get the list from the TOR project, strip out everything but the CIDR from the TOR list, put that data into a table. Use a similar line in your firewall to how sshguard is implemented. Obviously pick a table number you aren't using. That funky use of "echo" in the 4th line is a trick to keep the xargs running should there be something that causes the ipfw command to fail, such as a duplicate entry.
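An added example, not the poster's script, that does the same fetch/parse/load in a slightly more defensive shape. It parses the exit-addresses layout by field name instead of deleting known line types (so a new record type in the file would not leak into the table), deduplicates addresses, and only flushes the table when the download actually produced a list, since an empty table after a failed fetch silently unblocks every exit node. Table 2, the URL, and the sample records below are assumptions for illustration; the sample uses documentation address ranges and is constructed, not taken from the real list.

```shell
#!/bin/sh
# Added example (not the poster's script): parse the Tor exit-addresses format
# and emit ipfw table commands, refusing to flush when nothing was parsed.
# Assumed: ipfw table 2 and the layout of https://check.torproject.org/exit-addresses.

# Extract unique exit IPs from exit-addresses text on stdin.
# Only "ExitAddress <ip> <date> <time>" lines are used; field 2 is the address.
tor_exit_ips() {
    awk '$1 == "ExitAddress" { print $2 }' | sort -u
}

# Turn a list of IPs (stdin) into ipfw commands for the table given as $1.
# Each "add" is its own command, so a duplicate or malformed entry does not
# stop the rest of the load, the same effect as the poster's echo|bash trick.
ipfw_table_cmds() {
    table="$1"
    awk -v t="$table" 'BEGIN { print "ipfw table " t " flush" } { print "ipfw table " t " add " $1 }'
}

# Fetch, parse, and only flush/reload when something was parsed. If wget fails
# or the list is empty, the old table contents are kept instead of failing open.
refresh_tor_table() {
    table="$1"
    url="${2:-https://check.torproject.org/exit-addresses}"
    tmp=$(mktemp) || return 1
    if ! wget -q -O "$tmp" "$url"; then rm -f "$tmp"; return 1; fi
    ips=$(tor_exit_ips <"$tmp")
    rm -f "$tmp"
    [ -n "$ips" ] || return 1
    printf '%s\n' "$ips" | ipfw_table_cmds "$table" | sh
}

# Constructed sample in the exit-addresses layout (test/documentation addresses,
# fake fingerprints). The second node repeats an address to show deduplication.
SAMPLE='ExitNode 0000000000000000000000000000000000000001
Published 2016-08-11 20:00:00
LastStatus 2016-08-11 21:00:00
ExitAddress 192.0.2.10 2016-08-11 21:05:00
ExitAddress 198.51.100.7 2016-08-11 21:05:00
ExitNode 0000000000000000000000000000000000000002
Published 2016-08-11 20:30:00
LastStatus 2016-08-11 21:00:00
ExitAddress 192.0.2.10 2016-08-11 21:06:00'

# Dry run: print the commands that would be loaded into table 2 from the sample.
printf '%s\n' "$SAMPLE" | tor_exit_ips | ipfw_table_cmds 2
```

From cron you would call refresh_tor_table 2 and pair the table with a rule in the same spirit as sshguard's, for example ipfw add deny tcp from table(2) to me 22 (rule number and scope are yours to choose). The dry run above should print the flush followed by exactly two add commands, one per unique address, even though the sample contains three ExitAddress lines.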