Re: Block IP address after failure Bind
Thanks.
I will take a look at these IDS.
Best Regards,
jakjr
On Tue, Feb 10, 2009 at 8:11 PM, Howard Chu <hyc@symas.com> wrote:
> Kurt Zeilenga wrote:
>>
>> On Feb 10, 2009, at 9:46 AM, jakjr wrote:
>>
>>> Hello,
>>>
>>> Is there a way to block a specific IP address when this IP attempts to
>>> bind many times with a failure result?
>>>
>>> This could be useful to prevent a brute-force attack.
>>>
>>> I know that ppolicy can lock out the user after some failed attempts.
>>> But I would like to block new connections from the IP after this IP
>>> tries to make a number of failed binds.
>>
>> I would think this much better handled by a system external to
>> slapd(8) that would monitor slapd(8) logs and then adjust firewall
>> rules on the server (or upstream of the server) accordingly.
>> Basically, an intrusion detection system.
>
> Agreed. Something like
> denyhosts http://denyhosts.sourceforge.net/
> fail2ban http://www.fail2ban.org/wiki/index.php/Main_Page
> blockhosts http://www.aczoom.com/cms/blockhosts/
>
> etc...
>
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
>
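
The log-monitoring approach suggested in the thread, as an added example that is not part of the original messages: a sketch of the correlation such a monitor performs on slapd(8) logs. It assumes slapd logs at the stats level, where the peer address appears only on the ACCEPT line and a failed bind appears as `RESULT tag=97 err=49`; the function name, threshold and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of slapd stats-level log lines (not taken from the thread).
P = "Feb 10 20:00:01 ldap1 slapd[2101]: "
SAMPLE_LOG = "\n".join(P + s for s in [
    "conn=1001 fd=12 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)",
    'conn=1001 op=0 BIND dn="uid=alice,dc=example,dc=com" method=128',
    "conn=1001 op=0 RESULT tag=97 err=49 text=",
    "conn=1001 op=1 RESULT tag=97 err=49 text=",
    "conn=1002 fd=13 ACCEPT from IP=198.51.100.7:40022 (IP=0.0.0.0:389)",
    "conn=1002 op=0 RESULT tag=97 err=49 text=",
    "conn=1002 op=1 RESULT tag=97 err=0 text=",
    "conn=1001 op=2 RESULT tag=97 err=49 text=",
    "conn=1001 fd=12 closed",
    "conn=1003 fd=12 ACCEPT from IP=192.0.2.10:51240 (IP=0.0.0.0:389)",
    "conn=1003 op=0 RESULT tag=97 err=49 text=",
    "conn=1003 fd=12 closed",
])

# The RESULT line carries no address, so it must be joined to ACCEPT via conn=N.
ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\[[^\]]+\]|[^:\s]+):\d+")
BIND_RESULT = re.compile(r"conn=(\d+) op=\d+ RESULT tag=97 err=(\d+)")  # 97 = bind response
CLOSED = re.compile(r"conn=(\d+) fd=\d+ closed")

def failed_bind_sources(lines, threshold=3):
    """Return {peer_ip: failures} for peers with >= threshold err=49 bind results."""
    conn_ip = {}            # live connection id -> peer address
    failures = Counter()    # peer address -> invalidCredentials count
    for line in lines:
        if m := ACCEPT.search(line):
            conn_ip[m.group(1)] = m.group(2)
        elif m := BIND_RESULT.search(line):
            ip = conn_ip.get(m.group(1))   # None if ACCEPT predates the log window
            if ip and m.group(2) == "49":  # 49 = invalidCredentials
                failures[ip] += 1
        elif m := CLOSED.search(line):
            conn_ip.pop(m.group(1), None)  # conn ids can be reused after a restart
    return {ip: n for ip, n in failures.items() if n >= threshold}

if __name__ == "__main__":
    for ip, n in failed_bind_sources(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} failed_binds={n}")  # hand these to the firewall layer
```

Failures are counted per source address across connections, so a client that reconnects after each attempt is still caught, while the single mistyped password from the second address stays under the threshold.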