9:46 a.m.
Hello,
Is there a way to block a specific ip address when this ip attempt to
bind many times if failure result ??
This could be useful to prevent a brute-force attack.
I know that ppolicy can lockout the user after some failed attempts.
But I would like to block new connections from the IP, after this IP
try to make a number of fail binds.
Best regards,
Jakjr
11:06 a.m.
jakjr <joao.alfredo(a)gmail.com> writes:
Hello,
Is there a way to block a specific ip address when this ip attempt to
bind many times if failure result ??
This could be useful to prevent a brute-force attack.
I know that ppolicy can lockout the user after some failed attempts.
But I would like to block new connections from the IP, after this IP
try to make a number of fail binds.
man slapd.access(5) only describes positive connections but there is a
hint to disable defined objectclasses. Something like
access to <whatever> by peername.ip=<ipnumber> attrs=!objectclass=*
But you may file an ITS to ask for negative connection rules.
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dpunkt.de/buecher/2104.html
sip: +49.180.1555.7770535
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E
1:55 p.m.
On Feb 10, 2009, at 9:46 AM, jakjr wrote:
Hello,
Is there a way to block a specific ip address when this ip attempt to
bind many times if failure result ??
This could be useful to prevent a brute-force attack.
I know that ppolicy can lockout the user after some failed attempts.
But I would like to block new connections from the IP, after this IP
try to make a number of fail binds.
I would think this much better handled by an system external to
slapd(8) that would monitor slapd(8) logs and then adjust firewall
rules on the server (or upstream of the server) accordingly.
Basically, an intrusion detection system.
-- Kurt
2:11 p.m.
Kurt Zeilenga wrote:
On Feb 10, 2009, at 9:46 AM, jakjr wrote:
> Hello,
>
> Is there a way to block a specific ip address when this ip attempt to
> bind many times if failure result ??
>
> This could be useful to prevent a brute-force attack.
>
> I know that ppolicy can lockout the user after some failed attempts.
> But I would like to block new connections from the IP, after this IP
> try to make a number of fail binds.
I would think this much better handled by an system external to
slapd(8) that would monitor slapd(8) logs and then adjust firewall
rules on the server (or upstream of the server) accordingly.
Basically, an intrusion detection system.
Agreed. Something like
denyhosts http://denyhosts.sourceforge.net/
fail2ban http://www.fail2ban.org/wiki/index.php/Main_Page
blockhosts http://www.aczoom.com/cms/blockhosts/
etc...
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
3:31 a.m.
Thanks.
I will give a look in these IDS.
Best Regards,
jakjr
On Tue, Feb 10, 2009 at 8:11 PM, Howard Chu <hyc(a)symas.com> wrote:
Kurt Zeilenga wrote:
>
> On Feb 10, 2009, at 9:46 AM, jakjr wrote:
>
>> Hello,
>>
>> Is there a way to block a specific ip address when this ip attempt to
>> bind many times if failure result ??
>>
>> This could be useful to prevent a brute-force attack.
>>
>> I know that ppolicy can lockout the user after some failed attempts.
>> But I would like to block new connections from the IP, after this IP
>> try to make a number of fail binds.
>
> I would think this much better handled by an system external to
> slapd(8) that would monitor slapd(8) logs and then adjust firewall
> rules on the server (or upstream of the server) accordingly.
> Basically, an intrusion detection system.
Agreed. Something like
denyhosts http://denyhosts.sourceforge.net/
fail2ban http://www.fail2ban.org/wiki/index.php/Main_Page
blockhosts http://www.aczoom.com/cms/blockhosts/
etc...
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
5414
days inactive
5415
days old
openldap-technical@openldap.org
4 comments
4 participants
participants (4)
-
Dieter Kluenter -
Howard Chu -
jakjr -
Kurt Zeilenga