[Date Prev][Date Next]
Re: Block IP address after failure Bind
I will give a look in these IDS.
On Tue, Feb 10, 2009 at 8:11 PM, Howard Chu <firstname.lastname@example.org> wrote:
> Kurt Zeilenga wrote:
>> On Feb 10, 2009, at 9:46 AM, jakjr wrote:
>>> Is there a way to block a specific ip address when this ip attempt to
>>> bind many times if failure result ??
>>> This could be useful to prevent a brute-force attack.
>>> I know that ppolicy can lockout the user after some failed attempts.
>>> But I would like to block new connections from the IP, after this IP
>>> try to make a number of fail binds.
>> I would think this much better handled by an system external to
>> slapd(8) that would monitor slapd(8) logs and then adjust firewall
>> rules on the server (or upstream of the server) accordingly.
>> Basically, an intrusion detection system.
> Agreed. Something like
> denyhosts http://denyhosts.sourceforge.net/
> fail2ban http://www.fail2ban.org/wiki/index.php/Main_Page
> blockhosts http://www.aczoom.com/cms/blockhosts/
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/