
This is the comment you were replying to, attached to the article Brute Force Protection with BlockHosts:


Be careful with this whole approach!
Posted by k8to (64.142.xx.xx) on Mon 30 Jan 2006 at 21:48
Be careful with this whole approach to IP blocking. There are some common flaws that crop up.

The simplest is that depending upon your network config, an attacker can spoof the failed connections to cause you to block access to arbitrary hosts, controlling your network connection as a denial of service or as a prelude to other mischief. Ensuring that these failures represent unspoofed connections is a matter of configuring your services and network stack. Keep on top of these issues.

A more worrying problem is that the regexes as shipped in these packages are often very poorly analyzed (as regexes typically are!), enabling people to log in with names like 192.168.0.4, causing that IP address to be blocked. Some of these methods are service specific, but the regexes are often loose enough to be fooled. This definitely affected fail2ban, and I expect it to recur with sufficient creativity and/or laziness over time.

There is also the general problem, which does not affect most stock-configured Debian services, of DNS problems. That is, if a service logs reverse-resolved hostnames rather than IP addresses, the log can be manipulated by causing forward resolution of the name to map to an arbitrary IP address, again allowing the attacker to cause your system to block access to an arbitrary IP address. To safely employ this type of system, your services must log IP addresses, not hostnames.
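To make the regex point above concrete, here is an added example (not code from the original comment, and not BlockHosts' or fail2ban's own parser) that runs a loose and a strict extractor over a few constructed sshd-style log lines. The loose pattern takes the first IPv4-looking token on the line, so a username that looks like an address is what gets counted; the strict pattern follows sshd's fixed field order, anchors on the end of the line, and validates the captured address, so the client address is always the one counted. The sample lines, host names and addresses are constructed for the example.

```python
import ipaddress
import re

# Constructed sshd-style lines (not real log data). The first line shows a
# login attempt whose username looks like an IPv4 address; the last shows
# a username that mimics the tail of a log line to confuse a non-anchored parser.
SAMPLE_LOG = [
    "Jan 30 21:48:01 host sshd[1234]: Failed password for invalid user 192.168.0.4 from 10.0.0.7 port 51234 ssh2",
    "Jan 30 21:48:05 host sshd[1235]: Failed password for root from 203.0.113.9 port 41000 ssh2",
    "Jan 30 21:48:09 host sshd[1236]: Failed password for invalid user bob from 10.0.0.7 port 51240 ssh2",
    "Jan 30 21:48:12 host sshd[1237]: Failed password for invalid user x from 192.168.0.4 port 22 ssh2 from 10.0.0.7 port 51250 ssh2",
]

# Loose pattern: "the first thing that looks like an IPv4 address, anywhere on the line".
LOOSE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")

# Strict pattern: follows sshd's fixed field order and is anchored on the end of
# the line. The greedy user group means the *trailing* "from <ip> port <n> ssh2"
# is the one captured, whatever the username itself contains.
STRICT = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>.+) from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


def loose_offender(line):
    """Return whatever the loose regex would block for this line, or None."""
    m = LOOSE.search(line)
    return m.group(1) if m else None


def strict_offender(line):
    """Return the client address from a strictly parsed failed-login line, or None.

    The captured text is also validated as a real IPv4 address, so a token such
    as 999.1.1.1 that merely matches the digit pattern is rejected.
    """
    m = STRICT.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.IPv4Address(m.group("ip"))
    except ipaddress.AddressValueError:
        return None
    return str(ip)


def count_failures(lines, extractor):
    """Tally failed logins per extracted address, as a blocker would before deciding to block."""
    counts = {}
    for line in lines:
        ip = extractor(line)
        if ip is not None:
            counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    print("loose :", count_failures(SAMPLE_LOG, loose_offender))
    print("strict:", count_failures(SAMPLE_LOG, strict_offender))
```

With the loose extractor, 192.168.0.4 (a username, never a client) picks up two failures and would be the address blocked, while the real source 10.0.0.7 is under-counted; the strict extractor attributes all three attempts from 10.0.0.7 correctly. The same principle applies to whichever service you feed into BlockHosts: match on the service's fixed log format and anchor on the field that the client cannot control, rather than on the first address-shaped string.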
