[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Block IP address after failure Bind


I will give a look in these IDS.

Best Regards,

On Tue, Feb 10, 2009 at 8:11 PM, Howard Chu <hyc@symas.com> wrote:
> Kurt Zeilenga wrote:
>> On Feb 10, 2009, at 9:46 AM, jakjr wrote:
>>> Hello,
>>> Is there a way to block a specific ip address when this ip attempt to
>>> bind many times if failure result ??
>>> This could be useful to prevent a brute-force attack.
>>> I know that ppolicy can lockout the user after some failed attempts.
>>> But I would like to block new connections from the IP, after this IP
>>> try to make a number of fail binds.
>> I would think this much better handled by an system external to
>> slapd(8) that would monitor slapd(8) logs and then adjust firewall
>> rules on the server (or upstream of the server) accordingly.
>> Basically, an intrusion detection system.
> Agreed. Something like
> denyhosts       http://denyhosts.sourceforge.net/
> fail2ban        http://www.fail2ban.org/wiki/index.php/Main_Page
> blockhosts      http://www.aczoom.com/cms/blockhosts/
> etc...
> --
>  -- Howard Chu
>  CTO, Symas Corp.           http://www.symas.com
>  Director, Highland Sun     http://highlandsun.com/hyc/
>  Chief Architect, OpenLDAP  http://www.openldap.org/project/