
Re: Block IP address after failure Bind



Kurt Zeilenga wrote:
On Feb 10, 2009, at 9:46 AM, jakjr wrote:

Hello,

Is there a way to block a specific IP address when this IP attempts to
bind many times with a failure result?

This could be useful to prevent a brute-force attack.

I know that ppolicy can lockout the user after some failed attempts.
But I would like to block new connections from the IP after this IP
tries to make a number of failed binds.

I would think this much better handled by a system external to slapd(8) that would monitor slapd(8) logs and then adjust firewall rules on the server (or upstream of the server) accordingly. Basically, an intrusion detection system.

Agreed. Something like

denyhosts  http://denyhosts.sourceforge.net/
fail2ban   http://www.fail2ban.org/wiki/index.php/Main_Page
blockhosts http://www.aczoom.com/cms/blockhosts/

etc...

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
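The external log monitor Kurt describes has one wrinkle that a single-line fail2ban regex does not handle: with slapd(8) "stats" logging, the client IP is on the ACCEPT line and the bind outcome (RESULT tag=97 err=49) is on a later line, tied together only by the conn= id. The sketch below, an added example that is not part of this thread or of OpenLDAP, correlates the two, counts failures per IP in a sliding window, and reports which IP crossed the threshold; the log excerpt is constructed, and the actual firewall action is left to the caller.

```python
import re
from collections import defaultdict, deque

# slapd(8) "stats" logging: client IP is on the ACCEPT line, bind outcome on a later
# RESULT line (tag=97 is BindResponse); only the conn= id ties the two together.
ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\[?[0-9a-fA-F.:]+\]?):\d+")
RESULT_RE = re.compile(r"conn=(\d+) op=\d+ RESULT tag=97 err=(\d+)")
CLOSED_RE = re.compile(r"conn=(\d+) fd=\d+ closed")

class BindFailureMonitor:
    """Sliding-window count of failed binds (err=49 invalidCredentials) per client IP."""
    def __init__(self, threshold=5, window=600):
        self.threshold, self.window = threshold, window
        self.conn_ip = {}                    # conn id -> client IP
        self.failures = defaultdict(deque)   # client IP -> failure timestamps
        self.blocked = set()

    def feed(self, ts, line):
        """Process one log line (ts in epoch seconds); return the IP the first time it crosses the threshold."""
        if m := ACCEPT_RE.search(line):
            self.conn_ip[m.group(1)] = m.group(2).strip("[]")
        elif m := CLOSED_RE.search(line):
            self.conn_ip.pop(m.group(1), None)          # forget closed connections
        elif (m := RESULT_RE.search(line)) and m.group(2) == "49":
            ip = self.conn_ip.get(m.group(1))           # None if the ACCEPT was never seen
            if ip is not None:
                q = self.failures[ip]
                q.append(ts)
                while ts - q[0] > self.window:          # expire failures outside the window
                    q.popleft()
                if len(q) >= self.threshold and ip not in self.blocked:
                    self.blocked.add(ip)                # hand this IP to the firewall once
                    return ip
        return None

def run_sample(threshold=2):
    """Constructed log excerpt: 192.0.2.10 fails twice on separate connections, 198.51.100.7 once."""
    mon, hits = BindFailureMonitor(threshold=threshold, window=600), []
    sample = [
        (0, 'conn=1001 fd=14 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)'),
        (0, 'conn=1001 op=0 RESULT tag=97 err=49 text='),
        (1, 'conn=1001 fd=14 closed'),
        (2, 'conn=1002 fd=14 ACCEPT from IP=198.51.100.7:40001 (IP=0.0.0.0:389)'),
        (2, 'conn=1002 op=0 RESULT tag=97 err=49 text='),
        (5, 'conn=1003 fd=15 ACCEPT from IP=192.0.2.10:51235 (IP=0.0.0.0:389)'),
        (5, 'conn=1003 op=0 RESULT tag=97 err=49 text='),
    ]
    for ts, line in sample:
        if ip := mon.feed(ts, line):
            hits.append(ip)
    return hits
```

In a real deployment the returned IP would be passed to the firewall (or to fail2ban's own action layer) rather than collected in a list; the conn-to-IP correlation is the part the stock single-line filters miss.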