DragonFly users List (threaded) for 2007-12
Re: Blacklisting (and blocking) remote sites - blt.tar.gz (0/1)
:Hi all,
:
:you probably also get your logfiles flooded with lines reporting
:failed login attempts via ftp or ssh from remote sites.
:...
:
:So here's my homebrewed blacklisting toolset, consisting of just two
:simple shell scripts and a master configuration file.
:
:Enjoy the show
:
:--Joerg
Cool stuff... I like the variable names you chose.
There are two issues that I see. The first is that the hosts.allow
file can potentially become huge... thousands or tens of thousands
of entries (or more) if you are attacked, and that could be used as a
denial of service attack against regular operations. Every connect()
to your box will search the file.
The second is that I'm not sure it is safe to insert the strings
you are grepping out of the BLACKLIST file (thrown into your
PISSNELKE variable) directly into the hosts.allow file like that.
You need to sanitize the contents of PISSNELKE before you can embed
it or you will be vulnerable to reverse DNS insertion attacks. For
example, what would happen if $PISSNELKE contained a ':' ? Or a
wildcard?
I'd like to see those connections denied too but the next best thing
is to not use passwords at all.... use ssh only for all machine access,
like we do on leaf.dragonflybsd.org (and every other machine I manage,
including my personal boxes).
-Matt
Matthew Dillon
<dillon@backplane.com>
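As an added example (not Joerg's blt scripts and not code from anyone in this thread), here is the kind of sanitizing step the reply above asks for, written in POSIX sh so it could sit in front of whatever appends to hosts.allow. It assumes that only IPv4 addresses, or the trailing-dot network prefix form that hosts_access(5) accepts, are legitimate blacklist entries, and that rules are written in the `ALL : <client> : deny` shape; a reverse-DNS name carrying ':' or a wildcard is rejected rather than written. The blacklist fed to `demo` is constructed sample data.

```shell
# Added example, not from the original post or the blt toolset.
# Assumption: the only things we ever want in hosts.allow are IPv4
# addresses or hosts_access(5) prefixes such as "198.51.100.", so
# everything else (names, ':', '*', '?', whitespace) is treated as unsafe.

# Return 0 if $1 is a safe tcpd client pattern, 1 otherwise.
is_safe_client() {
    entry=$1
    case $entry in
        '' | . | .* | *..* ) return 1 ;;   # empty, bare dot, leading dot, empty octet
        *[!0-9.]* )          return 1 ;;   # anything but digits and dots: ':' '*' '?' ' ' ...
    esac
    body=${entry%.}                         # drop one trailing dot (prefix form)
    oldifs=$IFS
    IFS=.
    set -- $body                            # split into octets (no glob chars possible here)
    IFS=$oldifs
    [ $# -ge 1 ] && [ $# -le 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read a blacklist on stdin and emit one "ALL : <client> : deny" line per
# safe entry. Unsafe entries are reported on stderr and never reach the
# access control file, which is the whole point of the check.
emit_deny_rules() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                     # strip trailing comment
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
        [ -n "$line" ] || continue           # blank or comment-only line
        if is_safe_client "$line"; then
            printf 'ALL : %s : deny\n' "$line"
        else
            printf 'rejected unsafe blacklist entry: %s\n' "$line" >&2
        fi
    done
}

# Constructed sample blacklist (example data, not from the thread): one
# address, one prefix, one ':' injection attempt, one wildcard smuggled
# through a reverse DNS name, and one value that is not an address at all.
demo() {
    emit_deny_rules <<'EOF'
# blacklist generated from failed logins
192.0.2.1
198.51.100.        # whole /24 in hosts_access(5) prefix form
192.0.2.5 : ALL    # would add a second client field to the rule
*.example.com      # wildcard from a reverse DNS name
256.1.1.1          # not an address
EOF
}
```

Running `demo` prints only the two safe rules on stdout and lists the three rejected lines on stderr. Note that this addresses only the second issue raised in the reply: a validated hosts.allow can still grow without bound, and tcpd still scans it linearly on every wrapped connect().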