Thanks.
I will take a look at these IDS.
Best Regards, jakjr
On Tue, Feb 10, 2009 at 8:11 PM, Howard Chu <hyc@symas.com> wrote:
Kurt Zeilenga wrote:
On Feb 10, 2009, at 9:46 AM, jakjr wrote:
Hello,
Is there a way to block a specific IP address when that IP attempts to bind many times with a failure result?
This could be useful to prevent a brute-force attack.
I know that ppolicy can lock out the user after some failed attempts. But I would like to block new connections from the IP after this IP makes a number of failed binds.
I would think this much better handled by a system external to slapd(8) that would monitor slapd(8) logs and then adjust firewall rules on the server (or upstream of the server) accordingly. Basically, an intrusion detection system.
Agreed. Something like
denyhosts http://denyhosts.sourceforge.net/
fail2ban http://www.fail2ban.org/wiki/index.php/Main_Page
blockhosts http://www.aczoom.com/cms/blockhosts/
etc...

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
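
The log-monitoring approach suggested in this thread, sketched as an added example that is not part of the original messages and not code from any of the tools named above. It assumes slapd(8) logs at the stats level through syslog; the function names, thresholds, year default and sample lines are constructed for illustration, and handing the result to a firewall is left to the surrounding tooling.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# slapd stats-level log fragments: connection accept, bind result, connection close.
ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\[[^\]]+\]|[\d.]+):\d+")
BIND_FAIL = re.compile(r"conn=(\d+) op=\d+ RESULT tag=97 err=49\b")  # 97=bind response, 49=invalidCredentials
CLOSED = re.compile(r"conn=(\d+) fd=\d+ closed")

def find_offenders(lines, max_failures=3, window=60, year=2009):
    """Return source IPs with >= max_failures failed binds inside `window` seconds.
    `year` is an assumption: classic syslog timestamps do not carry one."""
    conn_ip, recent, offenders = {}, defaultdict(deque), []
    for line in lines:
        if m := ACCEPT.search(line):
            conn_ip[m.group(1)] = m.group(2)       # RESULT lines carry no IP, so map conn -> IP
        elif m := CLOSED.search(line):
            conn_ip.pop(m.group(1), None)          # forget closed connections, keeps the map bounded
        elif (m := BIND_FAIL.search(line)) and m.group(1) in conn_ip:
            ip = conn_ip[m.group(1)]
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            seen = recent[ip]
            seen.append(ts)
            while (ts - seen[0]).total_seconds() > window:
                seen.popleft()                     # drop failures older than the window
            if len(seen) >= max_failures and ip not in offenders:
                offenders.append(ip)
    return offenders

def _conn(clock, conn, ip, err):
    """Constructed sample: one connection carrying a single simple bind."""
    p = f"Feb 10 {clock} ldap1 slapd[2211]: conn={conn}"
    return [f"{p} fd=14 ACCEPT from IP={ip}:40000 (IP=0.0.0.0:389)",
            f'{p} op=0 BIND dn="uid=alice,dc=example,dc=com" method=128',
            f"{p} op=0 RESULT tag=97 err={err} text=",
            f"{p} fd=14 closed"]

SAMPLE = (_conn("20:01:01", 1001, "192.0.2.10", 49)      # three failures in 19 seconds
          + _conn("20:01:05", 1002, "198.51.100.7", 49)  # failures five minutes apart
          + _conn("20:01:10", 1003, "192.0.2.10", 49)
          + _conn("20:01:20", 1004, "192.0.2.10", 49)
          + _conn("20:06:05", 1005, "198.51.100.7", 49)
          + _conn("20:11:05", 1006, "198.51.100.7", 49)
          + _conn("20:11:30", 1007, "203.0.113.5", 0))   # successful bind

if __name__ == "__main__":
    for ip in find_offenders(SAMPLE):
        print("block candidate:", ip)
```

Because the counter is kept per source address, clients behind a shared NAT or an LDAP proxy count as one source, so thresholds need to allow for that.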