Re: denyhosts-like app for MySQLd?

Board: FB_security, Time: 2008/01/22 08:41
Willem Jan Withagen wrote:
> Jordi Espasa Clofent wrote:
>>> Hi,
>>>
>>> There is a functionality in pf, that allows you to have an
>>> application to update a list of hosts, that is used in a rule. You
>>> could have a script harvest the addresses from your log files, and
>>> then update the table in pf. I have not tried it myself, but was
>>> looking at adopting an implementation to create a tarpit for
>>> spammers based on this idea.
>>
>> Yes Tim, I know it. The "problem" is the servers are built in IPFW as
>> firewall solution.
>> I've tried the "limit" IPFW's option... but isn't exactly what I'm
>> looking for.
>
> Have a look at swatch in the ports, and build some rules that add
> blocking rules to the beginning of your firewall rule set.
> I've got servers running with > 3500 rules ;), and the box doesn't
> even notice it.
> (you can even/easily do things in perl embedded in the rules.)

make sure to parse the logs "strictly". consider this:

    # mysql -h yourserver -u foo\'@\'10.1.2.3.4\' ....
    Access denied for user 'foo'@'10.1.2.3.4''@'yourip' (using password: NO)

so you'd better pick the right IP here.

>
> The best suggestion is of course to only let those in, you want to let
> in. Block others by default.
>
> I'm using the above scenario on public mailservers, with harvesting
> from the postgrey output. And from the ssh log output.
>
> --WjW
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe@freebsd.org"
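The strict-parsing point in the reply above, as an added example that is not part of the original message: a loose pattern picks the address embedded in the user name, while a pattern anchored at the end of the line picks the host field the server wrote. The sample lines, the 192.0.2.77 stand-in for "yourip", the function names and the threshold are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines, modelled on the message quoted in the post.
# 192.0.2.77 stands in for "yourip"; the user name carries a fake address.
LOG = [
    "Access denied for user 'foo'@'10.1.2.3''@'192.0.2.77' (using password: NO)",
    "Access denied for user 'foo'@'10.1.2.3''@'192.0.2.77' (using password: NO)",
    "Access denied for user 'root'@'192.0.2.77' (using password: YES)",
    "Access denied for user 'bob'@'198.51.100.9' (using password: YES)",
    "Access denied for user 'web'@'db-client.example' (using password: YES)",
]

# Loose pattern: takes the first quoted token after '@', which sits inside
# the client-supplied user name whenever that name contains '@'.
LOOSE = re.compile(r"'@'([0-9.]+)'")

# Strict pattern: anchored at the end of the line. Greedy .* pushes the match
# to the last '@', so the host is the field the server itself wrote.
STRICT = re.compile(
    r"Access denied for user '(?P<user>.*)'@'(?P<host>[^'@\s]*)' "
    r"\(using password: (?:YES|NO)\)\s*$"
)

def loose_ip(line):
    m = LOOSE.search(line)
    return m.group(1) if m else None

def source_ip(line):
    """Connecting address as a string, or None if the line is not trustworthy."""
    m = STRICT.search(line)
    if m is None:
        return None
    try:
        return str(ipaddress.ip_address(m.group("host")))
    except ValueError:
        return None  # hostname or junk: never hand it to the firewall

def offenders(lines, threshold=3):
    """Addresses with at least `threshold` denied logins, sorted."""
    hits = Counter(ip for ip in map(source_ip, lines) if ip)
    return sorted(ip for ip, n in hits.items() if n >= threshold)

if __name__ == "__main__":
    print("loose :", loose_ip(LOG[0]))
    print("strict:", source_ip(LOG[0]))
    print("block :", offenders(LOG))
```

Anything `source_ip` rejects is dropped rather than guessed at, so a malformed or hostname-only line never becomes a firewall rule.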
Article code (AID): #17bJl700 (FB_security)