denyhosts-like app for MySQLd?
mouss
mouss at netoyen.net
Mon Jan 21 16:40:16 PST 2008
Willem Jan Withagen wrote:
> Jordi Espasa Clofent wrote:
>>> Hi,
>>>
>>> There is a functionality in pf, that allows you to have an
>>> application to update a list of hosts, that is used in a rule. You
>>> could have a script harvest the addresses from your log files, and
>>> then update the table in pf. I have not tried it myself, but was
>>> looking at adopting an implementation to create a tarpit for
>>> spammers based on this idea.
>>
>> Yes Tim, I know it. The "problem" is the servers are built in IPFW as
>> firewall solution.
>> I've tried the "limit" IPFW's option... but isn't exactly what I'm
>> looking for.
>
> Have a look at swatch in the ports, and build some rules that add
> blocking rules to the beginning of your firewall rule set.
> I've got servers running with > 3500 rules ;), and the box doesn't
> even notice it.
> (you can even/easily do things in perl embedded in the rules.)

Make sure to parse the logs "strictly". Consider this:

# mysql -h yourserver -u foo\'@\'10.1.2.3.4\'
... Access denied for user 'foo'@'10.1.2.3.4''@'yourip' (using password: NO)

So you'd better pick the right IP here.

>
> The best suggestion is of course to only let those in, you want to let
> in. Block others by default.
>
> I'm using the above scenario on public mailservers, with harvesting
> from the postgrey output. And from the ssh log output.
>
> --WjW
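
An added example (not code from the thread) of the strict parsing mouss describes, in Python: the user name is client-supplied, so the source address is taken only from the last quoted field before the fixed "(using password: ...)" suffix, and it must parse as an IP address. The log lines, addresses and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Naive: first '@'...' pair, which can sit inside the client-supplied user name.
NAIVE = re.compile(r"Access denied for user '.*?'@'([^']+)'")

# Strict: the host is the LAST quoted field, directly before the fixed
# "(using password: YES|NO)" suffix that ends the line.
STRICT = re.compile(
    r"Access denied for user '.*'@'([^']*)' \(using password: (?:YES|NO)\)$"
)

def naive_source(line):
    m = NAIVE.search(line)
    return m.group(1) if m else None

def strict_source(line):
    m = STRICT.search(line.rstrip("\r\n"))
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group(1)))
    except ValueError:
        return None  # host names and malformed addresses are never blocked

def offenders(lines, threshold):
    """Addresses with at least `threshold` denied logins, strictly parsed."""
    counts = Counter(ip for ip in map(strict_source, lines) if ip)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

# Constructed sample log lines (documentation addresses, not real data).
# Lines 2 and 3 carry a forged '@'198.51.100.9' inside the user name.
SAMPLE = [
    "... Access denied for user 'root'@'203.0.113.5' (using password: YES)",
    "... Access denied for user 'foo'@'198.51.100.9''@'203.0.113.5' (using password: NO)",
    "... Access denied for user 'x'@'198.51.100.9' (using password: NO)'@'203.0.113.5' (using password: YES)",
    "... Access denied for user 'root'@'localhost' (using password: NO)",
    "... Access denied for user 'bob'@'192.0.2.44' (using password: YES)",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(naive_source(line), "|", strict_source(line))
    print("block:", offenders(SAMPLE, 3))
```

With the naive pattern, the second and third sample lines would attribute the failures to 198.51.100.9, an address the client chose; the strict pattern attributes them to the connecting host.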