LinuxQuestions.org
Old 11-29-2008, 10:34 AM   #1
abefroman
Senior Member
 
Registered: Feb 2004
Location: lost+found
Distribution: CentOS
Posts: 1,430

Rep: Reputation: 55
RFxnetworks brute force detector bypass???


Is there an RFxnetworks brute force detector bypass???

I run the BFD and APF from http://rfxnetworks.com/
and have received 6097 failed login attempts from the same IP, that BFD should have blocked.

The IP was (I am blocking the last 2 octets to protect the guilty):
173.8.x.x

But on the 6th failed login the entry inserted into
/etc/apf/deny_hosts.rules
is: 173-8-x-x-sfba.hfc.comcastbusiness.net
(this host name does not ping)

When I try to manually add 173.8.x.x, I get the error:
# apf -d 173.8.x.x
173.8.x.x already exists in /etc/apf/deny_hosts.rules


Also in /var/log/secure, I noticed the IP in this format:
::ffff:173.8.x.x

Why is the BFD resolving the IP to a hostname?

How can I get it to just block the IP?

TIA
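
Added example, not part of the original post and not BFD or APF code: a Python check that normalizes the `::ffff:` IPv4-mapped form seen in /var/log/secure, counts failed sshd logins per source address, and flags deny-list entries that are hostnames rather than IP literals. The log lines, deny list, addresses and function names are constructed for illustration, and the deny-file layout (one entry per line, `#` comments) is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample data (documentation addresses, not taken from the thread).
SAMPLE_LOG = "\n".join(
    ["Nov 29 10:01:%02d host sshd[2101]: Failed password for root "
     "from ::ffff:203.0.113.7 port 4001 ssh2" % i for i in range(6)]
    + ["Nov 29 10:02:00 host sshd[2102]: Failed password for invalid user bob "
       "from ::ffff:198.51.100.9 port 4002 ssh2"] * 7
    + ["Nov 29 10:03:00 host sshd[2103]: Failed password for root "
       "from 192.0.2.44 port 4003 ssh2"] * 2)
SAMPLE_DENY = "# constructed deny list\n203-0-113-7.example.net\n198.51.100.0/24\n"

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+)")

def normalize(addr):
    """Return a canonical address string; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return str(ip)

def failed_by_ip(log_text):
    """Count failed sshd password attempts per normalized source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            try:
                counts[normalize(m.group(1))] += 1
            except ValueError:
                pass  # source logged as a hostname, not an address
    return counts

def audit_deny(deny_text):
    """Split deny entries into parsed networks and entries that are not IP literals."""
    nets, non_ip = [], []
    for raw in deny_text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            non_ip.append(entry)  # e.g. a reverse-DNS name instead of the IP
    return nets, non_ip

def unblocked(log_text, deny_text, threshold):
    """Addresses at or above the failure threshold that no IP deny entry covers."""
    nets, _ = audit_deny(deny_text)
    return sorted(ip for ip, n in failed_by_ip(log_text).items()
                  if n >= threshold and not any(ipaddress.ip_address(ip) in net for net in nets))
```

With the threshold set to 6, as in the post, the constructed data reports 203.0.113.7 as unblocked because its only deny entry is a hostname.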
 
Old 11-29-2008, 05:07 PM   #2
internetSurfer
Member
 
Registered: Jan 2008
Location: w3c
Distribution: Slackware 12 Zenwalk 5.2
Posts: 71

Rep: Reputation: 16
You can use linblock in conjunction with BFD and APF.

Similar scenario here: APF / BFD bug just found ...

Test new implementations if used.
